Microsoft warns against gift card frauds being performed by Moroccan cybercriminals: All you need to know

Microsoft warns against gift card frauds being performed by Moroccan cybercriminals: All you need to know

In a recent report by Microsoft, it has come to light that a cybercriminal operation based in Morocco is actively targeting large retailers to carry out gift card frauds. This group, known as Atlas Lion or Storm-0539, has been under scrutiny for the past year due to their fraudulent activities. Microsoft has revealed that the group is focusing on cloud and identity services, specifically aiming at the payment and card systems of prominent retailers, luxury brands, and popular fast food chains.

The threat actors, previously known for their malware attacks on point-of-sale (POS) devices such as retail cash registers, have now shifted their focus to compromising cloud systems to gain extensive identity and access privileges. This modus operandi closely resembles the tactics employed by nation-state-sponsored threat actors, albeit with a different objective. Storm-0539 exploits compromised identities to create gift cards for malicious purposes, rather than targeting individual consumers exclusively.

Once the cybercriminals manage to infiltrate a network and acquire an initial session and token, they proceed to register their own malicious devices for secondary authentication prompts. By doing so, they are able to bypass multifactor authentication safeguards and maintain a presence within the compromised environment. Microsoft has emphasized the group’s ability to masquerade as legitimate organizations, utilizing resources from cloud providers under false pretenses, often through deceptive ‘typosquatting’ domain names that resemble authentic websites.

To combat such fraudulent activities, Microsoft advises companies to treat their gift card portals as high-value targets for cybercriminals. It is essential for organizations to regularly monitor and audit these sites, implement conditional access policies, educate security teams about potential threats, and adhere to cloud security best practices.

In conclusion, the prevalence of cybercriminal activities, such as the gift card frauds orchestrated by Moroccan cybercriminals, underscores the importance of robust cybersecurity measures for businesses. By staying vigilant and proactive in safeguarding their systems and assets, companies can mitigate the risks posed by such malicious actors and protect their customers and stakeholders from financial harm and data breaches.