US retailers under attack by gift card-thieving cyber gang
2024-05-24 10:50

Earlier this month, the FBI published a private industry notification about Storm-0539, a Morocco-based cyber criminal group that specializes in compromising retailers and creating fraudulent gift cards.

"Storm-0539's skill at compromising and creating cloud-based attack infrastructure lets them avoid common upfront costs," Microsoft's analysts noted.

"Once an employee account at a targeted organization is infiltrated, the attackers move laterally through the network, trying to identify the gift card business process, pivoting toward compromised accounts linked to this specific portfolio," Microsoft says.

The group creates fraudulent gift cards using compromised employee accounts, then either redeems the value associated with those cards, sells the gift cards on black markets, or uses money mules to cash them out.

"In one instance, a corporation detected Storm-0539's fraudulent gift card activity in their system, and instituted changes to prevent the creation of fraudulent gift cards," the FBI said.

"Storm-0539 actors continued their smishing attacks and regained access to corporate systems. Then, the actors pivoted tactics to locating unredeemed gift cards, and changed the associated email addresses to ones controlled by Storm-0539 actors in order to redeem the gift cards."


News URL

https://www.helpnetsecurity.com/2024/05/24/storm-0539-gift-cards/