VERY IMPORTANT

root9B discovered an advanced, targeted PoS intrusion focused on harvesting payment card information for exfiltration. The adversary’s campaign has active and operational Command and Control (C2) servers. root9B’s analysis determined that the adversary is using advanced memory-resident techniques to maintain persistence and avoid detection. The malware likely required a significant amount of time and knowledge to create. We typically see techniques at this level by well-resourced, well-funded, motivated adversaries.