Microsoft warns of gift card fraud, shares tactics of one of the world’s most dangerous hacker group Storm-0539

Cybercriminals are constantly innovating, and gift cards have become a new battleground. Microsoft Threat Intelligence report warns that gift cards are an attractive target due to the lack of personal information attached to them, making them ideal for fraud and social engineering schemes.
The report highlights a specific threat actor group, Storm-0539 (also known as Atlas Lion), which has been particularly active around major US holidays.In the lead-up to Memorial Day 2024, Microsoft observed a 30% increase in activity from this group, suggesting a potential surge in attacks during peak shopping seasons.

Storm-0539: How the hacker group’s tactics have evolved

This cybercrime group has been active since late 2021 and demonstrates a concerning evolution. Previously focused on compromising point-of-sale systems to steal credit card data, they’ve shifted to targeting cloud and identity services. The aim is to infiltrate the payment systems of large retailers, luxury brands, and fast food restaurants to steal or manipulate gift cards.
What makes Storm-0539 particularly dangerous is their sophisticated approach. They exploit their deep understanding of cloud environments to scout out organizations’ gift card systems and employee access points. Their methods mirror those of nation-state attackers, granting them persistent access to create and steal gift cards for illicit purposes.
How Storm-0539 escapes detection
To avoid detection, Storm-0539 utilizes deceptive tactics. They pose as legitimate organizations, acquiring cloud resources under the guise of non-profits. They even create fake websites with misleading domain names to lure unsuspecting victims.
What internet and smartphone users can do to protect themselves
For organizations issuing gift cards, vigilance is key. Treat gift card portals as high-value targets and implement continuous monitoring for suspicious activity. Multi-factor authentication and strong access controls are crucial to hinder these attackers. Additionally, investing in cloud security best practices and educating staff on social engineering tactics are essential lines of defense.