Microsoft spots gift card thieves using cyber-espionage tactics

Microsoft spots gift card thieves using cyber-espionage tactics

May 23, 2024 at 03:33PM

Microsoft has released a “Cyber Signals” report revealing information about the hacking group Storm-0539 and an increase in gift card theft leading up to the Memorial Day holiday in the United States. The report highlights the group’s advanced techniques and a rise in their activity before major holidays. Microsoft also provides defense recommendations to mitigate these threats.

From the meeting notes, we’ve gathered that Microsoft has released a “Cyber Signals” report about the threat group Storm-0539 and a significant increase in gift card theft leading up to the Memorial Day holiday in the United States. The report highlights the tactics and activities of Storm-0539, which is a Moroccan financially motivated threat group focusing on gift card and payment card fraud. Their techniques include reconnaissance efforts, phishing messages targeting employees of organizations that issue gift cards, and abuse of cloud service providers for low-cost operations.

Microsoft’s report also outlines the intrusion lifecycle of Storm-0539, detailing how they gain access to a target environment, move laterally, and eventually access credentials to create new gift cards for redemption on dark web markets or in stores.

In response, Microsoft recommends that gift card issuing portal operators implement various measures such as constant monitoring for anomalies, conditional access policies, token replay protection, and least privilege access enforcement. Additionally, merchants are advised to recognize and reject suspicious orders to disrupt the profit chain for threat actors like Storm-0539.

Holiday shoppers and internet users should maintain elevated caution against scams, fake shops, and malvertising, as these attacks may not directly impact them, but there is a risk during the Memorial Day holiday period.

Full Article