Multiple Magecart attacks are skimming credit cards from sites at the same time, according to research from PerimeterX. These don t seem to be coordinated, given that each of the attacks were different in terms of the techniques used to compromise the target retailers. Multiple attacks targeted Magento-based sites and used similar methods of code injection, and served malicious first-party code to unsuspecting users. The presence of multiple skimmers indicates that the Magecart groups are less affiliated with each other than many believe.
Source: https://threatpost.com/magecart-groups-attack-simultaneous-sites-in-card-theft-frenzy/149872/