- Microsoft alerts about Moroccan cybercriminal group targeting retailers for gift card fraud.
- Group named Atlas Lion or Storm-0539 exploits cloud systems, poses as non-profits, and creates convincing fake websites.
- Microsoft advises companies to secure gift card portals, monitor regularly, and educate teams on fraud prevention.
Microsoft has issued a warning about a cybercriminal group based in Morocco, known as Atlas Lion or Storm-0539, targeting retailers for fraudulent gift card activities. This group has been active for over a year, focusing on compromising cloud and identity services to exploit payment and card systems associated with major retailers, luxury brands, and popular fast-food chains.
Previously, these threat actors specialized in malware attacks on point-of-sale (POS) devices to steal payment card data. However, they have now shifted their focus to cloud systems, exhibiting sophisticated techniques typically seen in nation-state-sponsored threat actors. Instead of espionage, Storm-0539 uses compromised identities to create gift cards for malicious purposes, bypassing multifactor authentication protections.
To remain undetected, the group impersonates legitimate organizations and creates convincing fake websites, often with domain names similar to authentic ones, to deceive victims. Microsoft advises companies to prioritize the security of gift card portals, implement conditional access policies, educate security teams on fraud prevention, and invest in cloud security best practices to mitigate such threats effectively.
