The FBI issued an alert May 16 warning security teams that cyber actors were able to scrape credit card data from a U.S. business in January by injecting malicious PHP code into its online checkout page.
The data was then sent to a server that spoofed a legitimate card processing service. Furthermore, the unidentified actors established a backdoor to the business’ system by modifying two files within the checkout page.
The FBI shared indicators of compromise (IOCs) in the alert to assist in network defense, as well as recommendations for mitigations.