More advanced email and SMS phishing attacks have been launched by the Storm-0539 threat operation to achieve gift card fraud and theft against organizations in the retail industry amid the holiday shopping season, The Hacker News reports.
After exfiltrating targets' credentials and session tokens through adversary-in-the-middle phishing pages attached to malicious links sent in the phishing emails, Storm-0539 then includes its device for secondary authentication to evade multi-factor authentication and establish persistence before performing lateral movement and stealing sensitive data from cloud resources, said the Microsoft Threat Intelligence team in a series of posts on X, formerly Twitter. Additional data, including emails, network configurations, and contact lists, are also being leveraged by the threat operation for succeeding attacks. Such posts come after Microsoft warned about Storm-0539's financially motivated attacks in a report last month. "The actor is well-versed in cloud providers and leverages resources from the target organization's cloud services for post-compromise activities," said Microsoft.
