Type
Campaign
Actors
Atlas Lion
Pub. date
May 6, 2024
Initial access
End-user compromise
Impact
Resource hijacking, Denial of wallet, Data exfiltration
Observed techniques
Phishing, Credential theft, Smishing (SMS phishing), MFA enrollment, Gift card fraud
References
https://www.ic3.gov/Media/News/2024/240507.pdf
https://www.microsoft.com/en-us/security/blog/2024/05/23/cyber-signals-inside-the-growing-risk-of-gift-card-fraud/
https://twitter.com/MsftSecIntel/status/1794028084670161374
https://twitter.com/MsftSecIntel/status/1735351713907773711
Status
Finalized
Last edited
Jun 2, 2024 10:23 AM
Microsoft has identified a Morocco-based cybercrime group, Storm-0539, known for sophisticated phishing attacks aimed at stealing and selling gift cards. Active since 2021, the group targets large retailers by compromising gift card services and bypassing multi-factor authentication. Its attacks increased by 30% between March and May 2024. The group uses advanced tactics such as adversary-in-the-middle phishing, smishing, and exploiting cloud infrastructure to gain unauthorized access.