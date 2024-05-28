Microsoft is shedding light on a Moroccan-based cybercrime group named Storm-0539 behind a slew of gift card fraud attacks.

Storm-0539 was discovered by Microsoft in December 2023 as orchestrating highly sophisticated email and SMS phishing attacks. According to Microsoft’s latest Cyber Signals report, the motivation for Storm-0539 is to “steal gift cards and profit by selling them at a discounted rate”. Fraud using gift cards also enables further access to potential targets’ clouds and personal security information accessed through reconnaissance. Past targets of the espionage campaign include fast-food restaurants, luxury brands, and large retailers. In past campaigns, the threat actor group stole personal card information by deploying malware on point-of-sale (PoS) devices. However, with the updated use of gift cards, the threat actor group can redeem the value of the card, sell the gift card on the black-market, or cash out the card using money mules. Microsoft has flagged a 30% uptick in Storm-0539 activity between March and May 2024. Combining past knowledge of espionage and reconnaissance campaigns with gift card smuggling, the threat actor has gained the ability to “conduct reconnaissance on an organization’s gift card issuance processes”. This enables the threat actor group to target major retailer gift card departments to get money.

