Microsoft’s newly released “Cyber Signals” report highlights the growing threat posed by the hacking group Storm-0539, also known as “Ant Lion.” As Memorial Day approaches, the report underscores a worrying rise in gift card thefts orchestrated by this financially motivated group. The FBI has already flagged Storm-0539 for its sophisticated methods, which bear a striking resemblance to state-sponsored cyber-espionage tactics.
Storm-0539 has been particularly active around major holidays, with a 60% increase in activity noted during the last Christmas season and a 30% rise from March to May 2024. The group primarily targets organizations that issue gift cards, leveraging extensive reconnaissance and custom-crafted phishing messages to gain access. Once inside, they exploit multi-factor authentication systems to maintain persistence and move laterally across virtual machines, VPNs, and various cloud services.
The attackers’ end goal is to generate and monetize gift cards, often issuing cards with values just below organizational limits to evade detection. They use these cards on dark web markets or cash them out through intermediaries known as money mules. To support their operations, they create fake websites mimicking non-profit organizations and abuse cloud service providers’ low-cost or free-tier offerings.
Microsoft advises organizations to bolster their defenses by monitoring for anomalies, enforcing strict access policies, and implementing token replay protection measures. Merchants can also help by identifying and rejecting suspicious transactions. As these threats do not directly impact holiday shoppers, internet users are still encouraged to remain vigilant against scams, especially as Memorial Day approaches.
Reference:
