
Gemini Advisory Blog

May 4, 2022
Russian Invasion of Ukraine and Sanctions Portend Rise in Card Fraud

This report analyzes technical, political, and socioeconomic factors contributing to the scale of card fraud conducted by Russia-based threat actors within the context of the Russian invasion of Ukraine. The sources for this report are Russian-language dark web forums and Telegram channels, information provided by the Ukrainian government, and open-source reporting. The intended audience of […]

January 26, 2022
Gemini Annual Report 2021: Magecart Thrives in the Payment Card Fraud Landscape

01/26/2022 Key Findings The underground payment card economy in 2021 saw new tactics enable new attack vectors, raising certain fraud schemes to higher prominence, such as attacks leveraging Google Tag Manager (GTM) and WebSockets, the Skimmer-as-a-Service model, and card checker innovations. The levels of Card Present (CP) records offered for sale on the dark web […]

January 13, 2022
FIN7 Uses Flash Drives to Spread Remote Access Trojan

01/13/2022 Executive Summary Recorded Future analysts continue to monitor the activities of the FIN7 group as they adapt and expand their cybercrime operations. Gemini has conducted a more in-depth investigation into these types of attack after a Gemini source provided analysts with the file “sketch_jul31a.ino”, which was linked to FIN7’s BadUSB attacks. The file had […]

December 6, 2021
Magecart Groups Abuse Google Tag Manager

12/06/2021 Key Findings Gemini analysts have identified 316 e-commerce sites worldwide infected with trojanized Google Tag Manager (GTM) containers as part of an ongoing Magecart campaign. This tactic has become increasingly popular this year. The abuse of this legitimate Google service is concerning because it provides threat actors free infrastructure upon which they can host […]

October 21, 2021
FIN7 Recruits Talent For Push Into Ransomware

The intelligence in this report was gathered by a source who was recruited by “Bastion Secure”. Gemini Advisory’s investigation and analysis of the source’s information has been ongoing for the past several months. Although sensitive information has been redacted from this report to protect the source, Gemini Advisory has provided law enforcement with the complete […]

September 23, 2021
Cybercriminals Abuse Donation Sites for Card Testing

Key Findings When selling stolen payment cards, dark web marketplaces or individual fraudsters often use “testing services”, which allow them to test whether a card is valid for conducting fraudulent activity or whether it has been flagged as stolen. Gemini analysts have uncovered a method in which cybercriminals use nonprofit organizations that accept donations to […]
