PEX Superstore
| Primary URL | Location | Industry |
|---|---|---|
| pexsuperstore[.]com | Country: United States of America | Retail |
Profile
PEX Superstore operates an e-commerce platform under the domain PEXSuperstore.com. As an online retailer headquartered in the United States of America, its primary function involves selling goods or services directly to consumers via the internet. The core activity facilitating its business model is an online checkout process where customers finalize purchases and submit payment information. This digital storefront represents its main channel for commercial transactions and customer engagement.
The organisation experienced a significant cybersecurity incident on November 4, 2019. During this event, PEXSuperstore.com suffered simultaneous compromises by two distinct cybercrime groups associated with the Magecart threat actor collective. Both groups successfully infiltrated the website's infrastructure with the same objective: stealing sensitive customer data directly from the checkout process. Their concurrent but independent attacks resulted in the theft of payment card details alongside personally identifiable information submitted by customers completing purchases on the platform.
These attackers employed differing technical methods to achieve their malicious goals while operating concurrently on the compromised site. One group utilized a deceptive tactic, injecting a malicious script designed to masquerade as legitimate Google Analytics code. This script subsequently loaded an obfuscated payment card skimmer from a domain controlled by the attackers. The second group adopted a more direct approach, modifying the website's existing checkout script itself to capture customer payment data and exfiltrate it directly to a separate, attacker-controlled server. This incident highlighted vulnerabilities within the Magento e-commerce platform exploited opportunistically by multiple actors. Notably, both skimming operations functioned simultaneously on PEXSuperstore.com without any apparent coordination or awareness of each other's presence, demonstrating the chaotic nature of such unaffiliated attacks targeting the same victim. The compromise underscored the critical risk to customer data security inherent in the platform's checkout functionality.
