Atlas Lion phishing campaign

Type

Campaign

Actors

🦁Atlas Lion

Pub. date

May 6, 2024

Initial access

End-user compromise

Impact

Resource hijackingDenial of walletData exfiltration

Observed techniques

Phishing Credential theft Smishing (SMS phishing)MFA enrollment Gift card fraud

References

https://www.ic3.gov/Media/News/2024/240507.pdfhttps://www.microsoft.com/en-us/security/blog/2024/05/23/cyber-signals-inside-the-growing-risk-of-gift-card-fraud/https://twitter.com/MsftSecIntel/status/1794028084670161374https://twitter.com/MsftSecIntel/status/1735351713907773711

Status

Finalized

Last edited

Jun 2, 2024 10:23 AM

Microsoft has identified a Morocco-based cybercrime group, Storm-0539, known for sophisticated phishing attacks to steal and sell gift cards. Active since 2021, the group targets large retailers by compromising gift card services and bypassing multi-factor authentication. Their attacks have increased by 30% between March and May 2024. They use advanced tactics like adversary-in-the-middle phishing, smishing, and exploiting cloud infrastructure to gain unauthorized access.