A Morocco-based cybercrime group, Storm-0539, is making headlines for its sophisticated email and SMS phishing attacks aimed at stealing and reselling gift cards. Microsoft’s latest Cyber Signals report reveals that this group is responsible for significant financial theft, with some companies losing up to $100,000 daily.
First identified by Microsoft in December 2023, Storm-0539, also known as Atlas Lion, has been active since late 2021. The group employs social engineering techniques to harvest victims’ credentials through adversary-in-the-middle (AitM) phishing pages. They exploit this access to register their own devices, bypass authentication, and maintain persistent access to create fraudulent gift cards.
The group’s attack strategy includes gaining covert access to cloud environments for extensive reconnaissance, targeting large retailers, luxury brands, and fast-food chains. They aim to redeem and sell gift cards on black markets or use money mules to cash out.
This marks an evolution from their previous tactics of stealing payment card data via malware on point-of-sale (PoS) devices.
Microsoft noted a 30% increase in Storm-0539’s activities between March and May 2024, emphasizing their deep understanding of cloud systems to manipulate gift card issuance processes.
In addition to stealing login credentials, Storm-0539 targets secure shell (SSH) passwords and keys, which are either sold or used for further atta
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: