Friday, October 4, 2024
HomeCyber CrimeMicrosoft Warns Of Storm-0539's Aggressive Gift Card Theft

Microsoft Warns Of Storm-0539’s Aggressive Gift Card Theft

Published on

Gift cards are attractive to hackers since they provide quick monetization for stolen data or compromised systems.

Reselling gift cards is simple, and they can also be converted into money, which makes them a comparatively risk-free means of ensuring threat actors benefit greatly from their illegal undertakings.

Microsoft cybersecurity analysts recently discovered that the gift card system is targeted by a threat group known as Storm-0539 (aka Atlas Lion). 

- Advertisement - EHA

It adjusts its methods to be relevant to changes taking place across retail, payment, and other industries associated with it.

Storm-0539’s illicit gift card theft ventures are coordinated via encrypted channels and underground forums.

ANYRUN malware sandbox’s 8th Birthday Special Offer: Grab 6 Months of Free Service

Technical Analysis

This involves exploiting technological vulnerabilities and conducting social engineering campaigns that compromise gift card portals, allowing the stolen cards to be converted into untraceable cash.

Compared to threat actors targeting scalable attacks for quick profits, this actor stands out due to the fact that they quietly steal through gift cards.

Storm-0539 is a Morocco-based threat group whose activities escalate towards major holidays such as Christmas, New Year’s Day. 

Their invasion trials accounted for 30% to 60% of the total during summer, autumn, and winter in 2023-2024.

Storm-0539 is a group that has adapted to modern payment card fraud, among other tactics.

These include phishing, smishing, device registration for MFA bypass, and third-party access used to hack cloud identities and gift card portals of retailers, brands, and restaurants. 

Storm-0539 intrusion lifecycle (Source – Microsoft)

They become more interested in how they can use their profound understanding of the cloud to successfully carry out gift card issuance schemes targeting staff with access privileges rather than relying on malware.

Storm-0539’s reconnaissance and ability to leverage cloud environments resemble those of nation-state threat actors, illustrating how espionage methods currently influence financially motivated threat actors.

Storm-0539 behaves like state-sponsored advanced hacking groups, focusing on cloud software, identities, and access rights to compromise the gift card printing process instead of end-users.

They pretend to be genuine organizations that use free cloud resources to hide their operation.

Their tools of deception involve typosquatting websites mimicking U.S. non-profits through which they can download authentic 501(c)(3) IRS letters and then approach sponsored cloud services for charities using them.

The combination of nation-state tradecraft with financial motives represents new threats from actors like Storm-0539 and Octo Tempest.

The group’s efficiency in creating free trials and compromising cloud services allows them to launch targeted operations with minimal costs.

Recommendations

Here below we have mentioned all the recommendations provided:-

  • Token protection and least privilege access
  • Phishing-resistant MFA
  • Adopt a secure gift card platform and implement fraud protection solutions
  • Require a secure password change when user risk level is high
  • Educate employees
  • Reset passwords for users associated with phishing and AiTM activity
  • Enable zero-hour auto purge (ZAP) in Microsoft Defender for Office 365
  • Update identities, access privileges, and distribution lists to minimize attack surfaces

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of...

Cloud Penetration Testing Checklist – 2024

Cloud Penetration Testing is a method of actively checking and examining the Cloud system...

Linux Malware perfctl Attacking Millions of Linux Servers

Researchers have uncovered a sophisticated Linux malware, dubbed "perfctl," actively targeting millions of Linux...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Hackers Attacking AI Agents To Hijacking Customer Sessions

Conversational AI platforms, powered by chatbots, are witnessing a surge in malicious attacks, which...

Malicious App On Google Play Steals Cryptocurrency From Android Users

Cybercriminals have shifted their focus to mobile devices, targeting users with a malicious crypto...

Octo2 Android Malware Attacking To Steal Banking Credentials

The original threat actor behind the Octo malware family has released a new variant,...