UltraRank:
The unexpected twist of a JS-sniffer triple threat

New stage in JS-sniffers research. From analyzing malware families to identifying threat actors

Download report

In this report

For five years, the cybercriminal group UltraRank has conducted campaigns using JS-sniffers, improved their infrastructure, created monetization instruments, and modified malicious code.

The group’s arsenal includes both standalone attacks and attacks on third-party suppliers. UltraRank has also hijacked tools created by its competitors and confronted hackers who imitated a cardshop associated with the group.

Given that investigators have attributed many of UltraRank’s attacks to other threat actors, the group has managed to stay unnoticed for the most part.

At the moment the group remains active, with their latest infections being detected in June 2020.

691 online stores and
13 third-party suppliers

for websites were attacked by UltraRank. Total number of infected sites may reach 100K


$5,000-7,000

is the daily estimated income of a cardshop connected with the group’s infrastructure


At least 3 campaigns

led by UltraRank were previously attributed to other groups by researchers

Excerpt from the report

During its activity, UltraRank has built an autonomous business model with a unique technical and organizational structure, as well as its own sales and monetization system for stolen bank card data.

The group is not an ordinary player in this criminal market, which is also proven by their methods of competitive struggle: Group-IB experts recorded UltraRank’s attacks on competing groups, as well as on phishing pages imitating cardshop associated with cybercriminals.

Download to learn:

Threat evolution

Evolution of UltraRank’s TTPs, differences between campaigns, major changes to JS sniffers

Group’s actions

UltraRank’s standalone and supply chain attacks, and its confrontations with competitors

Recommendations

Understanding the threat and following a set of rules can secure your business from similar attacks

Download report: "UltraRank: The unexpected twist of a JS-sniffer triple threat"

Group-IB research on targeted attack groups

Thank you for your interest in our research.

Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.

Thank you for your interest in our research.

Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.

Thank you for your interest in our research.

Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.

Thank you for your interest in our research.

Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.

Thank you for your interest in our research.

Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.

Thank you for your interest in our research.

Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.

Thank you for your interest in our research.

Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.

Thank you for your interest in our research.

Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.

Thank you for your interest in our research.

Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.

Thank you for your interest in our research.

Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.

Thank you for your interest in our research.

Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.

Thank you for your interest in our research.

Please fill in the form below and we will send you the Group-IB report. Make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.

Thank you for your interest in our research.

Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.

Thank you for your interest in our research.

Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.

Thank you for your interest in our research.

Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.

Report an incident

24/7 Incident Response Assistance +65 3159-4398

Thank you for the inquiry! We will contact you soon.
Cookies

We use cookies on the website to make your browser experience more personal, convenient and secure. You may block or manage the use of cookies, however, in some cases they’re essential to make this site work properly. Learn more about cookies in Group-IB Privacy And Cookies Policy.

 
All you need to know to #StayCyberSafe