The Indonesian National Police in a joint press conference with Interpol earlier today announced the arrest of three Magecart-style Indonesian hackers who had compromised hundreds of international e-commerce websites and stolen payment card details of their online shoppers.
Dubbed ‘Operation Night Fury,’ the investigation was led by Interpol’s ASEAN Cyber Capability Desk, a joint initiative by law enforcement agencies of Southeast Asian countries to combat cybercrime.
According to the press conference, all three accused (23, 26, and 35 years old) were arrested last year in December from Jakarta and Yogyakarta and charged with criminal laws related to the data theft, fraud, and unauthorized access.
Just like most of the other widespread Magecart attacks, the modus operandi behind this series of attacks also involved exploiting unpatched vulnerabilities in e-commerce websites powered by Magento and WordPress content management platforms.
Hackers then secretly implanted digital credit card skimming code—also known as web skimming or JS sniffers—on those compromised websites to intercept users’ inputs in real-time and steal their payment card numbers, names, addresses and…