Digital threat management company RiskIQ tracks the activity of MageCart group and reported their use of web-based card skimmers since 2016.
No exploited CVEs have been attributed to this threat actor yet.