Microsoft’s recent “Cyber Signals” report sheds light on the activities of the Storm-0539 hacking group and a rise in gift card theft leading up to Memorial Day in the United States. The FBI had previously warned about Storm-0539’s advanced techniques for gift card theft, likening their tactics to state-sponsored hackers. Microsoft notes a 60% increase in Storm-0539 activity during the winter holidays and a 30% increase between March and May 2024.
Storm-0539, a Moroccan group active since 2021, focuses on payment and gift card fraud. They employ reconnaissance efforts and personalized phishing messages to target employees of gift card issuers. Once gaining access to a target environment, they register their own devices for persistence and move laterally through various platforms to access credentials for creating new gift cards that can be monetized online or through money mules.
To facilitate their attacks, Storm-0539 creates fake nonprofit websites to register with cloud service providers at low cost. Their ability to exploit cloud environments mirrors tactics used by state-sponsored threat actors, showcasing a convergence of techniques between financially motivated criminals and highly sophisticated hackers.
Microsoft recommends gift card issuers monitor for anomalies, implement access policies to prevent large numbers of cards being generated from a single account, use token replay protection measures, enforce least privilege access, and utilize FIDO2 security keys for high-risk accounts. Retailers can also help disrupt the profit chain of threat actors like Storm-0539 by recognizing and rejecting suspicious orders.
While these attacks may not directly impact holiday shoppers, internet users should remain cautious against scams, fake stores, and malvertising as they prepare for Memorial Day. Taking proactive measures to safeguard personal information and being vigilant against fraudulent activities can help mitigate the risks associated with cyber threats during this holiday season.
Article Source
https://www.bleepingcomputer.com/news/security/microsoft-spots-gift-card-thieves-using-cyber-espionage-tactics/