Hackers linked with North Korean government applied the web skimming technique to steal cryptocurrency in a previously undocumented campaign that started early last year, researchers say. The attacks compromised customers of at least three online stores and relied on infrastructure used for web skimmers. The attackers modified the malicious JavaScript script to replace the store s Bitcoin address with one they controlled. This way, online shoppers money would end up in the attacker’s wallet. A set of four cryptocurrency addresses extracted from the malicious script indicate a profit.
Source: https://www.bleepingcomputer.com/news/security/north-korean-hackers-adapt-web-skimming-for-stealing-bitcoin/