Microsoft is warning of an uptick in malicious activity from an emerging threat cluster it’s tracking as Storm-0539 for orchestrating gift card fraud and theft via highly sophisticated email and SMS phishing attacks against retail entities during the holiday shopping season.
“After gaining access to an initial session and token, Storm-0539 registers their own device for subsequent secondary authentication prompts, bypassing MFA protections and persisting in the environment using the fully compromised identity,” the tech giant said in a series of posts on X (formerly Twitter).
“The actor is well-versed in cloud providers and leverages resources from the target organization’s cloud services for post-compromise activities.”
The disclosure comes days after the company said it obtained a court order to seize the infrastructure of a Vietnamese cybercriminal group called Storm-1152 that sold access to approximately 750 million fraudulent Microsoft accounts as well as identity verification bypass tools for other technology platforms.
Earlier this week, Microsoft also warned that multiple threat actors are abusing OAuth applications to automate financially motivated cyber crimes, such as business email compromise (BEC), phishing, large-scale spamming campaigns, and deploy virtual machines to illicitly mine for cryptocurrencies.
Source: https://thehackernews.com/