Today is Memorial Day here in the US. While many people in the country celebrate by going to the store to buy items at special holiday discount prices, Microsoft says one known cybercriminal group uses the Memorial Day time period to try to commit gift card fraud.
In a recent blog post, Microsoft said that the group in question is the Moracco-based S Storm-0539, also known as Atlas Lion. The group has been active since late 2021. While Storm-0539 previously targeted items like cash registers and kiosks with malware to steal payment information, they have since evolved their attacks.
Microsoft"s more detailed report on this group (in PDF format) states that Storm-0539 now goes after online cloud and identity services so that it can compromise gift card portals from major retailers, fast food restaurants, and other businesses.
Storm-0539"s methods include finding and using information like a retailer"s employee directory, contact list or email inboxes. Then, the group sends smishing texts to the personal and work phones of those employees.
Microsoft added:
Once an employee account at a targeted organization is infiltrated, the attackers move laterally through the network, trying to identify the gift card business process, pivoting toward compromised accounts linked to this specific portfolio.
When and if the group gets access to a company"s gift card portal, they can then create new gift cards that can redeem themselves. The group can also sell gift cards to other cybercriminal groups on the black market or have others cash out the value of those cards.
Microsoft says holiday shopping periods like Memorial Day, the Fourth of July, Labor Day, and, of course, the holiday shopping season at the end of the year can see an uptick in activity from Storm-0539,
Microsoft suggests that companies that offer gift card take several methods to protect them from these kinds of groups, They include using a secure gift card platform with fraud protection services, educating employees, and the use of phishing-resistant MFA methods.