
FBI raids Chinese POS business following cyber attack claims

The business has been accused of selling terminals that acted as malware droppers and C2 servers

The FBI has raided the Jacksonville warehouse of a Chinese point of sale (POS) terminal vendor after reports that the terminals were being used as part of a network distributing malware.

The company in question, PAX Technology, is based in Shenzhen, China. FBI agents executed a court-authorized search at the firm’s warehouse in Jacksonville, Florida.

In a statement to Jacksonville-based WOKV.com, the FBI said that in partnership with Homeland Security Investigations, Customs and Border Protection, Department of Commerce, and Naval Criminal Investigative Services, and with the support of the Jacksonville Sheriff’s Office, it executed “a court-authorized search at this location in furtherance of a federal investigation”.

“We are not aware of any physical threat to the surrounding community related to this search. The investigation remains active and ongoing and no additional information can be confirmed at this time.”

According to a report by Krebs on Security, the FBI began investigating PAX after a major US payment processor started asking questions about unusual network packets originating from the company’s payment terminals.

A source told the publication that the payment processor found that the PAX terminals were being used both as a malware dropper and a C2 server for staging attacks and collecting information.

The source also said that two financial providers, one in the US and one in the UK, had begun removing PAX terminals from their payment infrastructure, adding that there was proof that these terminals had been used to mount cyber attacks.


“The packet sizes don’t match the payment data they should be sending, nor does it correlate with telemetry these devices might display if they were updating their software. PAX is now claiming that the investigation is racially and politically motivated,” the source told Krebs on Security.

FBI agents are also investigating at the company’s other location in Jacksonville. Shares of PAX plunged 43.3% in Hong Kong and stopped trading on news of the raid. PAX is the third-largest provider of electronic payment terminals in the world, after Florida-based Verifone and France's Ingenico.

As reported in IT Pro, the retail sector is a top target for cyber criminals because retailers hold a wealth of sensitive data about their customers, who frequently reuse login details across accounts.
