Moroccan cybercrime ring steals up to $100K daily, Microsoft reports

29 May 2024 , 17:04
513     0
Moroccan cybercrime ring steals up to $100K daily, Microsoft reports
Moroccan cybercrime ring steals up to $100K daily, Microsoft reports

A Moroccan cybercrime ring has taken a liking to gift card fraud, stealing victims’ personal information and using it to buy and sell gift cards for profit, in a venture that generates the group up to US$100,000 per day, according to a Microsoft intelligence report. 

Storm-0539, aka Atlas Lion, employs phishing tactics to steal personal information from companies and individuals, which is then used to illicitly purchase gift cards and sell them at a discount on the open market.

“Gift cards are attractive targets for fraud because unlike credit or debit cards, there are no customer names or bank accounts attached to them,” Microsoft said in its report. The information technology giant noted cases where the Moroccan cyber group has stolen up to $100,000 a day from unnamed companies.

Once a Storm-0539 attacker steals a person’s data, they will set up multi-factor authentication (MFA) on a device they control, thus allowing them to wholly compromise their victim’s digital identity.

Sources from which the ring mines for digital gold include company directories, contact lists, and email accounts; mobile phones are exploited via smishing attacks to give them another avenue through which to infiltrate large companies with deep pockets.

“Once an employee account at a targeted organization is infiltrated, the attackers move laterally through the network, trying to identify the gift card business process,” Microsoft said.

“After gaining access, the group creates new gift cards using compromised employee accounts; they then redeem the value associated with those cards, sell the gift cards to other threat actors on black markets, or use money mules to cash out the gift cards,” it explained.

The majority of the cyber ring’s attacks reportedly come around the major holiday seasons. Microsoft documented a 30% increase in Storm-0539 intrusion activity between March and May 2024, as well as a 60% spike between September and December 2023.

It’s not just their victims who have been compromised; Storm-0539 attackers are also capable of exploiting the gift card portals of large retailers, luxury brands, and restaurants for large scale purchases without raising any red flags.

Another way by which they lure victims to surrendering their digital information is by meticulously impersonating online charities, animal shelters, and nonprofits. Any traffic that comes through their sites believe them to be legitimate and victims will thus willingly enter their personal or professional credentials.

Storm-0539 has become so infamous that the FBI published a notice on the Moroccan hackers’s activities earlier this month.

The U.S. federal law enforcement agency also warned that the cyber group has been known to sell their victims’ data on the black market.

Listed amongst Microsoft’s security recommendations for companies was the adoption of a secure gift card platform with stringent password changing requirements and MFA safeguards, as well as implementing IP address location checks for all devices attempting to register one.

Emma Davis

Atlas Lion, Storm-0539, Microsoft, Fraud, Cybercrime, Morocco

Read more similar news:

03.02.2023, 14:08 • News
Inside quietest room in the world where no one can stay inside for over an hour
08.02.2023, 14:52 • More
Call of Duty could be removed from Microsoft's Activision deal
10.02.2023, 17:33 • More
Sony set on 'sabotaging' Microsoft's Activision buyout alleges Bobby Kotick
05.01.2023, 14:21 • News
Inside world's quietest room - where you can hear your bones grind and neck turn
11.01.2023, 15:01 • More
Xbox Game Pass January 2023: Monster Hunter Rise and Persona 4 lead the way
25.01.2023, 09:12 • More
Xbox Live is down along with Microsoft Teams, and Outlook
01.03.2023, 15:54 • More
Xbox Games with Gold March 2023: traverse eras in Truberbrook and more
08.03.2023, 15:33 • More
Starfield release date finally confirmed and it's later than we were promised
11.03.2023, 09:27 • Tech
Another nightmare for Windows PC users as millions get blocked from popular app
13.03.2023, 19:00 • More
GTA 6 may scrap content to sell as DLC later to make 2024 release