Storm-0539 group steals Christmas and gift cards

Criminals decided to add a little phishing to the festive atmosphere.

Microsoft has warned about the growing activity of the cybercrime group Storm-0539, specializing in fraud with gift cards. This group carries out sophisticated phishing attacks via email and SMS, targeting retailers during the holiday sales period.

Malicious links redirect victims to phishing pages equipped with mechanisms to intercept credentials and session tokens.

Microsoft researchers shared their observations on the X platform (formerly Twitter).

Once hackers have gained access to the system, they add their own devices to the list of those allowed for two-factor authentication. This allows them to bypass multi-factor protection and keep their unauthorized access using the stolen credentials.

Attackers use this method to increase their network privileges and gain access to cloud resources. The main goal is to steal information related to gift cards and use it for fraud, including withdrawing funds and bonuses accumulated by the buyer.

Storm-0539 does not stop there and collects emails, contact lists, and network configuration information for subsequent attacks on the same companies. Microsoft emphasizes the importance of following account security guidelines.

In their latest monthly Microsoft 365 Defender report, experts describe Storm-0539 as a financially motivated group that has been active since 2021. The criminals conduct detailed reconnaissance before attacks, creating the most convincing traps.

It is worth noting that Microsoft recently received a court order to seize 750 million fake accounts of the Vietnamese cybercrime group Storm-1152. This group sold access to fake Microsoft accounts, as well as tools to bypass identity systems on other platforms.

Experts warn that hackers are increasingly abusing OAuth applications. Such services make it possible to automate financially motivated campaigns, including corporate email fraud, phishing, spam, and illegal cryptocurrency mining.
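
A defender-side check for the device registration step described above, as an added example that is not part of the original post: it flags an MFA registration that closely follows a sign-in from an IP address the user has never signed in from before. The event schema, field names and sample records are constructed for illustration and do not match any real product's log format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical, simplified schema (not a real
# product's log format): sign-ins and MFA method/device registrations.
SAMPLE_EVENTS = [
    {"ts": "2023-12-01T09:00:00", "user": "alice", "type": "signin", "ip": "198.51.100.10"},
    {"ts": "2023-12-04T09:05:00", "user": "alice", "type": "signin", "ip": "198.51.100.10"},
    {"ts": "2023-12-05T14:00:00", "user": "alice", "type": "signin", "ip": "203.0.113.77"},
    {"ts": "2023-12-05T14:07:00", "user": "alice", "type": "mfa_register", "ip": "203.0.113.77"},
    {"ts": "2023-12-02T08:00:00", "user": "bob", "type": "signin", "ip": "192.0.2.5"},
    {"ts": "2023-12-06T08:10:00", "user": "bob", "type": "signin", "ip": "192.0.2.5"},
    {"ts": "2023-12-06T08:15:00", "user": "bob", "type": "mfa_register", "ip": "192.0.2.5"},
    {"ts": "2023-12-03T10:00:00", "user": "carol", "type": "signin", "ip": "192.0.2.9"},
    {"ts": "2023-12-07T11:00:00", "user": "carol", "type": "signin", "ip": "203.0.113.80"},
    {"ts": "2023-12-07T15:30:00", "user": "carol", "type": "mfa_register", "ip": "203.0.113.80"},
]


def flag_mfa_registrations(events, window=timedelta(hours=1)):
    """Return MFA registrations made within `window` of a sign-in from an IP
    the user had never signed in from before."""
    known_ips = defaultdict(set)   # user -> IPs seen in earlier sign-ins
    novel_signin = {}              # user -> (time, ip) of latest first-seen-IP sign-in
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        user, ip = ev["user"], ev["ip"]
        if ev["type"] == "signin":
            # A user's very first sign-in only seeds the baseline.
            if known_ips[user] and ip not in known_ips[user]:
                novel_signin[user] = (ts, ip)
            known_ips[user].add(ip)
        elif ev["type"] == "mfa_register":
            hit = novel_signin.get(user)
            if hit and ip == hit[1] and ts - hit[0] <= window:
                minutes = int((ts - hit[0]).total_seconds() // 60)
                alerts.append({"user": user, "ip": ip, "registered_at": ev["ts"],
                               "minutes_after_signin": minutes})
    return alerts


if __name__ == "__main__":
    for alert in flag_mfa_registrations(SAMPLE_EVENTS):
        print(alert)
```

The one-hour window is an assumption to tune: widening it catches a registration made later in a stolen session, at the cost of more alerts from users who travel or change networks.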