US retailers under attack by gift card-thieving cyber gang
Earlier this month, the FBI published a private industry notification about Storm-0539, a Morocco-based cyber criminal group that specializes in compromising retailers and creating fraudulent gift cards.
"Storm-0539's skill at compromising and creating cloud-based attack infrastructure lets them avoid common upfront costs," Microsoft's analysts noted.
"Once an employee account at a targeted organization is infiltrated, the attackers move laterally through the network, trying to identify the gift card business process, pivoting toward compromised accounts linked to this specific portfolio," Microsoft says.
The group creates fraudulent gift cards using compromised employee accounts, then either redeems the value associated with those cards, sells the gift cards on black markets, or uses money mules to cash them out.
"In one instance, a corporation detected Storm-0539's fraudulent gift card activity in their system, and instituted changes to prevent the creation of fraudulent gift cards," the FBI said.
"Storm-0539 actors continued their smishing attacks and regained access to corporate systems. Then, the actors pivoted tactics to locating unredeemed gift cards, and changed the associated email addresses to ones controlled by Storm-0539 actors in order to redeem the gift cards."
News URL
https://www.helpnetsecurity.com/2024/05/24/storm-0539-gift-cards/