CosmicSting Attacks Hit Adobe Commerce, Magento Stores

More than 4,200 Adobe Commerce and Magento online stores, including those belonging to Cisco, Whirlpool, Segway, Ray-Ban, and National Geographic, have been breached in attacks involving the critical CosmicSting information disclosure vulnerability, tracked as CVE-2024-34102, since June, BleepingComputer reports.

Intrusions leveraging CosmicSting have been launched by seven financially motivated threat operations — including Belki, Bobry, Burunduki, Khomyaki, Ondatry, and Surki — against almost 5% of all stores to facilitate Magento cryptographic key exfiltration and payment skimmer injections, according to a report from Sansec.

While Whirlpool, Segway, and Ray-Ban are believed to have remediated the issue, other organizations have been urged to immediately upgrade their Adobe Commerce and Magento implementations amid the threat of escalating exploitation.

"Sansec projects that more stores will get hacked in the coming months, as 75% of the Adobe Commerce & Magento install base hadn't patched when the automated scanning for secret encryption keys started," said the report.