A financially motivated crime group known as Storm-0539 [4], also referred to as Atlas Lion, has been identified by Microsoft as the mastermind behind a sophisticated gift card fraud scheme targeting retailers and restaurants.
Description
Based in Morocco [4] [5], Storm-0539 has been infiltrating companies to print high-value gift card codes worth up to $100,000 per day [2] [3]. The group focuses on compromising cloud and identity services to access gift card portals of major retailers and fast-food chains [5]. Microsoft has observed a 30% increase in intrusion activity from Storm-0539 between March and May 2024 [2] [3], ahead of the summer holiday season [2] [3], and a 60% increase between September and December 2023 [3] [5], coinciding with fall and winter holidays [3]. Storm-0539 stages attacks through legitimate cloud service providers by pretending to be a nonprofit or student [2]. The hackers target gift card code systems [3], redeem the cards’ value [3], sell them to others [3], or use money mules to cash out the gift cards [3]. To combat this threat [1], Microsoft recommends organizations implement phishing-resistant multifactor authentication [1], strict password reset measures [1], and educate employees on the risks associated with this scam. Increased collaboration and information-sharing among retailers have proven effective in deterring Storm-0539’s activity in recent months [1]. Merchants are advised to treat their gift card portals as high-value targets and regularly monitor for suspicious activity to fend off threats from attackers like Storm-0539 [2].
Conclusion
The impact of Storm-0539’s gift card fraud scheme on retailers and restaurants is significant, with potential losses reaching up to $100,000 per day [5]. However, by implementing recommended security measures such as phishing-resistant multifactor authentication and password reset protocols, organizations can mitigate the risk of falling victim to such attacks. Increased collaboration and information-sharing among retailers have also proven effective in deterring Storm-0539’s activity. Moving forward, it is crucial for merchants to remain vigilant, treat their gift card portals as high-value targets [2], and regularly monitor for suspicious activity to protect themselves from threats posed by sophisticated crime groups like Storm-0539.
References
[1] https://www.darkreading.com/threat-intelligence/new-gift-card-scam-targets-retailers-not-buyers-to-print-endless-money
[2] https://me.pcmag.com/en/security/23768/hacking-group-targets-merchants-to-print-out-and-sell-gift-card-codes
[3] https://uk.pcmag.com/security/152474/hacking-group-targets-merchants-to-print-out-and-sell-gift-card-codes
[4] https://cyberscoop.com/moroccan-cybercrime-group-impersonates-nonprofits-and-abuses-cloud-services-to-rake-in-gift-card-cash/
[5] https://www.infosecurity-magazine.com/news/microsoft-gift-card-fraud-costing/