Cyber Threat Actor: Denarius
| Actor Type | Location | Known Incidents |
Criminal
|
Russia
|
1 incident |
|---|
Profile
Actor known asDenarius is known to operate from Russia and is linked to the cybercriminal group responsible for the Target and Home Depot payment card breaches. The actor’s activity is financially motivated, focusing on the theft and sale of payment card data on underground markets such as Rescator[dot]cm. They have primarily targeted online reservation services for airport parking, compromising websites like Book2Park.com, Park N Fly and OneStopParking.com. The stolen card data from these services has been observed to command higher prices, attributed to a higher proportion of European‑issued cards. No public indication of espionage or disruptive intent has been associated with their operations.
The group’s tradecraft involves planting malicious files on the victim’s web server that intercept card information as it is entered into online forms, capturing the data before it is encrypted—a technique commonly described as web skimming. The specific malware family or toolset used has not been disclosed in the reporting. Initial access to the servers is not detailed in the available sources, but the presence of the malicious code suggests a compromise of the web‑hosting environment. Notable campaigns include the December 2014 breach of Book2Park.com, which followed earlier compromises of Park N Fly and OneStopParking.com by the same actor. The stolen card batches were advertised under the name “Denarius” on the Rescator marketplace, with prices ranging from $12 to $18 per card, higher than the $6 to $13 seen for cards from the earlier parking‑service breaches. These incidents illustrate a repeated focus on e‑commerce parking platforms and the actor’s reliance on the resale of harvested payment credentials.
