Identity, Phishing, Threat Intelligence

Cyberespionage schemes leveraged in escalating Moroccan gift card theft campaign


Moroccan hacking operation Storm-0539, also known as Ant Lion, has ramped up its gift card theft activities with cyberespionage tactics ahead of the Memorial Day holiday, according to BleepingComputer.

Attacks by Storm-0539 rose by 30% from March to May, following a 60% increase in activity during the Christmas season, a Microsoft report revealed. Organizations, particularly those that issue gift cards, are mainly targeted by the hacking group through phishing messages that seek to facilitate account theft before enabling additional compromise to their virtual machines and other environments, noted researchers, who added the operation's use of nonprofit organization-spoofing sites to build its attack infrastructure.

"Storm-0539's reconnaissance and ability to leverage cloud environments are similar to what Microsoft observes from state-sponsored threat actors, showing how techniques popularized by espionage and geopolitical-focused adversaries are now influencing financially motivated criminals," said Microsoft, which recommended the implementation of token replay protection and least privilege access measures, as well as FIDO2 security keys to mitigate risks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.