Hackers Peruse Dow Jones Subscribers, Breach Samsung Pay’s Tech Provider and Slurp 11,000 Outlook Passwords

In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:

Banking Details on Dow Jones Subscribers Possibly Breached

It appears criminals hacked the Wall Street Journal-publisher’s systems to access customer contact information with the intent of sending deceptive mailings. Dow Jones also owns MarketWatch and Barron’s.

The crooks possibly compromised payment card information in the process.

Dow Jones notified potential victims in an Oct. 9 letter. Law enforcement officials informed the company of a possible breach in late July.

Chinese Hackers Hit Corporate Network of Samsung’s Mobile Payment Subsidiary

LoopPay, a U.S. division of the South Korean electronics giant, was attacked by a group of government-affiliated Chinese hackers. The data breach occurred before the subsidiary’s technology became the core of Samsung’s new mobile payment system.

As early as March, the attacker penetrated the computer network of LoopPay, which was acquired by Samsung in February.

LoopPay did not learn of the intrusion until late August, when researchers came across LoopPay’s data while tracking the suspected hacker ring, called the Codoso Group, during a separate investigation.

LoopPay executives said the hackers appeared to have been targeting the company’s technology, known as magnetic secure transmission, or MST. That technique is key to the Samsung Pay mobile payment wallet that recently made its public debut in the United States.

Attack Targeting Microsoft Outlook Vacuums a Ton of Credentials

Sophisticated malicious code that infected an Outlook Web application stole nearly all of a large organization’s email passwords.

Cybereason, a security firm, discovered the attack after receiving a call from an unnamed customer that noticed several behavioral oddities in its network. 

“The attack was carried out for months against an organization with 19,000 endpoints" -- a variety of devices -- "and credentials for more than 11,000 user accounts were sniffed and stolen,” reports Kaspersky Lab.

The sketchy file contained a backdoor, allowing the attackers to come and go as they pleased for a long period of time. Because the file ran on the server, it was able to capture all Web transactions.

“As a result, the attackers behind this advanced persistent threat—the term given to malware campaigns that target a specific organization for months or years—were able to steal the passwords of just about anyone accessing the server,” reports Ars Technica.

America’s Thrift Stores Penetrated by Cybercrime Gang

Customers of the southern chain have been impacted by a hack into a service provider’s software.

It is believed criminals from Eastern Europe accessed customer payment card numbers by infecting the application with malicious code.

“This virus/malware, is one of several infecting retailers across North America. The U.S. Secret Service tells us that only card numbers and expiration dates were stolen,” the company’s website states.

The thrift shops sell donated items to support Christian ministries.