
Microsoft identifies Storm-0539 threat in gift card fraud

Storm-0539: Sophisticated attacks bypass MFA protection and put gift cards at risk

Microsoft has warned of an increase in malicious activity from the Storm-0539 cyber threat group, which uses sophisticated phishing strategies. After obtaining initial credentials, the group manages to bypass MFA protection and access sensitive information.


Microsoft recently warned about the increase in malicious activity conducted by Storm-0539, a new cyber threat group. Over the holidays, this cluster ran elaborate scams using email and SMS phishing, targeting retailers with malicious links leading to phishing pages capable of intercepting user credentials and session tokens.

Sophisticated strategies go beyond MFA protection

After obtaining initial access credentials, Storm-0539 registers its own devices to receive secondary authentication requests, evading Multi-Factor Authentication (MFA) protection and maintaining persistent access through the compromised identity. The group then uses this foothold to elevate privileges, move laterally across the network, and access cloud resources in order to obtain sensitive information, focusing on gift card services to commit fraud.
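One way a defender could look for the device-registration step described above, as an added example that is not from Microsoft or the original article. The event fields, the one-hour window and the per-user IP baseline are all assumptions made for illustration:

```python
from datetime import datetime, timedelta

# Constructed sample events. Field names and event types are hypothetical,
# not the schema of any real identity provider's audit log.
EVENTS = [
    {"ts": "2023-12-01T09:00:00", "user": "alice", "type": "signin", "ip": "203.0.113.10"},
    {"ts": "2023-12-01T09:05:00", "user": "alice", "type": "mfa_method_registered", "ip": "203.0.113.10"},
    {"ts": "2023-12-01T10:00:00", "user": "bob", "type": "signin", "ip": "198.51.100.23"},
    {"ts": "2023-12-01T10:12:00", "user": "bob", "type": "mfa_method_registered", "ip": "198.51.100.23"},
    {"ts": "2023-12-01T08:00:00", "user": "carol", "type": "signin", "ip": "198.51.100.77"},
    {"ts": "2023-12-01T11:30:00", "user": "carol", "type": "mfa_method_registered", "ip": "192.0.2.44"},
]
# Constructed per-user baseline of IPs seen in earlier, trusted sign-ins.
KNOWN_IPS = {"alice": {"203.0.113.10"}, "bob": {"192.0.2.15"}, "carol": {"192.0.2.44"}}

def flag_mfa_registrations(events, known_ips, window=timedelta(hours=1)):
    """Return MFA registrations made from, or shortly after a sign-in from,
    an IP outside the user's baseline."""
    alerts = []
    last_unfamiliar = {}  # user -> (time, ip) of most recent unfamiliar sign-in
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        ts = datetime.fromisoformat(ev["ts"])
        user, ip = ev["user"], ev["ip"]
        unfamiliar = ip not in known_ips.get(user, set())
        if ev["type"] == "signin" and unfamiliar:
            last_unfamiliar[user] = (ts, ip)
        elif ev["type"] == "mfa_method_registered":
            prior = last_unfamiliar.get(user)
            # A stolen session can outlive later sign-ins from known IPs,
            # so the unfamiliar sign-in is not cleared by them.
            recent = prior is not None and ts - prior[0] <= window
            if unfamiliar or recent:
                alerts.append({"user": user, "registered_at": ev["ts"],
                               "registration_ip": ip,
                               "signin_ip": prior[1] if recent else None})
    return alerts

if __name__ == "__main__":
    for alert in flag_mfa_registrations(EVENTS, KNOWN_IPS):
        print(alert)
```

On the constructed data only the second account is flagged: its new MFA method was registered twelve minutes after a sign-in from an address outside its baseline.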

Intelligence pills on Storm-0539 from Microsoft

Microsoft, in its monthly Microsoft 365 Defender report, found that Storm-0539 is a financially motivated group, active since at least 2021. This actor conducts in-depth reconnaissance on target organizations to develop sophisticated phishing scams aimed at stealing credentials and gaining initial access.

Prevention and security measures against the abuse of OAuth applications

Even before this alert, Microsoft had obtained an injunction to intercept the infrastructure of the Vietnamese cybercriminal group called Storm-1152, which had sold access to approximately 750 million fraudulent Microsoft accounts. This week, the company also highlighted the abuse of OAuth applications by various cyber actors to carry out automated financial crimes, such as business email compromise, phishing, large-scale spamming, and the illicit use of virtual machines for cryptocurrency mining.


12/16/2023 10:11

Marco Verro
