December 16, 2023 at 12:36AM
Microsoft is warning of an increase in malicious activity by an emerging threat group, Storm-0539, which targets retail entities through sophisticated email and SMS phishing attacks. The attacks aim to steal credentials and session tokens in order to carry out gift card fraud and theft during the holiday shopping season. The group is financially motivated and known for extensive reconnaissance and for leveraging cloud resources in its post-compromise activity. Microsoft also warned about other threat actors abusing OAuth applications for financially motivated cybercrime.
Key takeaways from the December 16, 2023 notes on online security and cybercrime:
– Microsoft has warned of an increase in malicious activity from an emerging threat cluster known as Storm-0539, primarily targeting retail entities during the holiday season with sophisticated email and SMS phishing attacks.
– The attacks aim to lead victims to phishing pages that harvest credentials and session tokens, bypassing MFA protections and persisting in the environment with compromised identities.
– Storm-0539 then leverages the foothold to escalate privileges, move laterally across the network, access cloud resources, and obtain sensitive information, particularly targeting gift card-related services.
– The adversary engages in extensive reconnaissance of targeted organizations to create convincing phishing lures and steal user credentials and tokens for initial access.
– Microsoft described Storm-0539 as a financially motivated group that has been active since at least 2021, adept at leveraging cloud providers and targeting cloud services for post-compromise activities.
– Additionally, Microsoft obtained a court order to seize the infrastructure of a Vietnamese cybercriminal group called Storm-1152, which had sold access to millions of fraudulent Microsoft accounts and identity verification bypass tools.
– Microsoft also warned about threat actors abusing OAuth applications to automate financially motivated cybercrime, such as business email compromise, phishing, large-scale spamming campaigns, and illicit cryptocurrency mining.