Microsoft identifies Storm-0539 threat in gift card fraud
Storm-0539: Sophisticated attacks bypass MFA protection and put gift cards at risk
Microsoft has warned of an increase in malicious activity from the Storm-0539 cyber threat group, which uses sophisticated phishing strategies. After obtaining initial credentials, the group manages to bypass MFA protection and access sensitive information.
Microsoft recently warned about the increase in malicious activity conducted by Storm-0539, a new cyber threat group. Over the holidays, this cluster ran elaborate scams using email and SMS phishing, targeting retailers with malicious links leading to phishing pages capable of intercepting user credentials and session tokens.
Sophisticated strategies go beyond MFA protection
After obtaining initial access credentials, Storm-0539 registers its own devices to receive secondary authentication prompts, evading Multi-Factor Authentication (MFA) protection and maintaining persistent access through the compromised identity. The group then uses this foothold to elevate privileges, move laterally across the network, and access cloud resources in order to obtain sensitive information, focusing on gift card services to perpetrate fraud.
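One way to detect the device-registration step described above (an added example, not code from Microsoft or the original article): flag a new MFA device registered shortly after a sign-in from an IP address the account has only just started using. The event field names, thresholds and sample records are assumptions constructed for illustration, not a real log schema.

```python
from datetime import datetime, timedelta

# Constructed sample events; field names are hypothetical, not a real log schema.
EVENTS = [
    {"time": "2023-12-01T09:00:00", "user": "alice", "type": "signin", "ip": "198.51.100.10"},
    {"time": "2023-12-04T09:05:00", "user": "alice", "type": "signin", "ip": "198.51.100.10"},
    {"time": "2023-12-05T02:14:00", "user": "alice", "type": "signin", "ip": "203.0.113.77"},
    {"time": "2023-12-05T02:19:00", "user": "alice", "type": "mfa_device_registered", "ip": "203.0.113.77"},
    {"time": "2023-12-02T10:00:00", "user": "bob", "type": "signin", "ip": "192.0.2.25"},
    {"time": "2023-12-06T10:30:00", "user": "bob", "type": "signin", "ip": "192.0.2.25"},
    {"time": "2023-12-06T10:40:00", "user": "bob", "type": "mfa_device_registered", "ip": "192.0.2.25"},
]

def suspicious_registrations(events, window=timedelta(hours=1), min_age=timedelta(days=1)):
    """Flag MFA device registrations that follow, within `window`, a sign-in from
    an IP the user first signed in from less than `min_age` before the registration."""
    first_seen = {}   # (user, ip) -> time of the first sign-in from that IP
    last_signin = {}  # user -> (time, ip) of the most recent sign-in
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        t = datetime.fromisoformat(ev["time"])
        user, ip = ev["user"], ev["ip"]
        if ev["type"] == "signin":
            first_seen.setdefault((user, ip), t)
            last_signin[user] = (t, ip)
        elif ev["type"] == "mfa_device_registered":
            prev = last_signin.get(user)
            if prev is None:
                # A registration with no recorded sign-in is itself worth a look.
                alerts.append((user, ev["time"], "registration with no prior sign-in"))
                continue
            signin_time, signin_ip = prev
            ip_age = t - first_seen[(user, signin_ip)]
            if t - signin_time <= window and ip_age < min_age:
                alerts.append((user, ev["time"], f"new IP {signin_ip}"))
    return alerts

if __name__ == "__main__":
    for alert in suspicious_registrations(EVENTS):
        print(alert)
```

In the constructed data, bob's registration follows a sign-in from an address he has used for days and is not flagged; alice's follows a first-ever sign-in from a new address by five minutes and is.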
Microsoft's intelligence on Storm-0539
In its monthly Microsoft 365 Defender report, Microsoft found that Storm-0539 is a financially motivated group, active since at least 2021. The actor conducts in-depth reconnaissance on target organizations to develop sophisticated phishing scams aimed at credential theft and initial access.
Prevention and security measures against the abuse of OAuth applications
Even before this alert, Microsoft had obtained an injunction to intercept the infrastructure of the Vietnamese cybercriminal group called Storm-1152, which had sold access to approximately 750 million fraudulent Microsoft accounts. This week, the company also highlighted the abuse of OAuth applications by various cyber actors to carry out automated financial crimes, such as business email compromise, phishing, large-scale spamming, and the illicit use of virtual machines for cryptocurrency mining.
12/16/2023 10:11
Marco Verro