{ "id": "a515ca87-7eb1-49f1-b4fd-b8a7f210048a", "created_at": "2026-04-06T00:16:09.738121Z", "updated_at": "2026-04-10T03:24:11.783963Z", "deleted_at": null, "sha1_hash": "10c76146c47c2c40b61ceba1a860a438de875104", "title": "Magecart Hacker Group Hits 17,000 Domains—and Counting", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 565757, "plain_text": "Magecart Hacker Group Hits 17,000 Domains—and Counting\r\nBy Brian Barrett\r\nPublished: 2019-07-11 · Archived: 2026-04-05 20:30:33 UTC\r\nJul 11, 2019 6:00 AM\r\nHack Brief: A Card-Skimming Hacker Group Hit 17K Domains—and Counting\r\nMagecart hackers are casting the widest possible net to find vulnerable ecommerce sites—but their method could\r\nlead to even bigger problems.\r\nWalker and Walker/Getty Images\r\nYou may not recognize the name Magecart, but you’ve seen its impact. A set of sophisticated hacking groups,\r\nMagecart has been behind some of the bigger hacks of the past few years, from British Airways to Ticketmaster,\r\nall with the singular goal of stealing credit card numbers. Think of them as the ATM skimmers of the web. And\r\nthanks to poor security hygiene, they’ve managed to hit 17,000 domains in the past few months alone.\r\nYou’ve read your last free article.\r\nhttps://www.wired.com/story/magecart-amazon-cloud-hacks/\r\nPage 1 of 3\n\nThe intersection of technology, power, and culture. Start your free trial and get access to 5 all-new premium\r\nnewsletters—cancel anytime.\r\nSTART FREE TRIAL\r\nAlready a subscriber? Sign In\r\nThe intersection of technology, power, and culture. Start your free trial and get access to 5 all-new premium\r\nnewsletters START FREE TRIAL\r\nhttps://www.wired.com/story/magecart-amazon-cloud-hacks/\r\nPage 2 of 3\n\nBrian Barrett is the executive editor of WIRED. Previously he was the editor in chief of the tech and culture site\r\nGizmodo and was a business reporter for the Yomiuri Shimbun, Japan’s largest daily newspaper. ... Read More\r\nDon't Just Keep Up. Get Ahead\r\nSign up for the Daily newsletter to get our biggest stories, handpicked for you each day.\r\nRead More\r\nSource: https://www.wired.com/story/magecart-amazon-cloud-hacks/\r\nhttps://www.wired.com/story/magecart-amazon-cloud-hacks/\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "MITRE" ], "references": [ "https://www.wired.com/story/magecart-amazon-cloud-hacks/" ], "report_names": [ "magecart-amazon-cloud-hacks" ], "threat_actors": [ { "id": "d90307b6-14a9-4d0b-9156-89e453d6eb13", "created_at": "2022-10-25T16:07:23.773944Z", "updated_at": "2026-04-10T02:00:04.746188Z", "deleted_at": null, "main_name": "Lead", "aliases": [ "Casper", "TG-3279" ], "source_name": "ETDA:Lead", "tools": [ "Agentemis", "BleDoor", "Cobalt Strike", "CobaltStrike", "RbDoor", "RibDoor", "Winnti", "cobeacon" ], "source_id": "ETDA", "reports": null }, { "id": "5a0483f5-09b3-4673-bb5a-56d41eaf91ed", "created_at": "2023-01-06T13:46:38.814104Z", "updated_at": "2026-04-10T02:00:03.110104Z", "deleted_at": null, "main_name": "MageCart", "aliases": [], "source_name": "MISPGALAXY:MageCart", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434569, "ts_updated_at": 1775791451, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/10c76146c47c2c40b61ceba1a860a438de875104.pdf", "text": "https://archive.orkl.eu/10c76146c47c2c40b61ceba1a860a438de875104.txt", "img": "https://archive.orkl.eu/10c76146c47c2c40b61ceba1a860a438de875104.jpg" } }