The FBI warned retail companies in the United States that a financially motivated hacking group has been targeting employees in their gift card departments in phishing attacks since at least January 2024.
Tracked as Storm-0539, this hacking group targets the personal and work mobile devices of retail department staff using a sophisticated phishing kit that enables them to bypass multi-factor authentication.
Upon infiltrating an employee's account, the attackers move laterally through the network, trying to identify the gift card business process and pivoting towards compromised accounts linked to this specific portfolio.
In addition to stealing the login credentials of gift card department personnel, their efforts extend to acquiring secure shell passwords and keys.
Together with stolen employee information such as names, usernames, and phone numbers, these could be sold for financial gain or exploited by Storm-0539 in future attacks.
Should the hackers succeed in breaching the victim's corporate gift card department, they use compromised employee accounts to generate fraudulent gift cards.
The FBI advises retail corporations across the United States to review and update their incident response plans and consider training their employees to recognize phishing scams and to not share sensitive information like credentials via email, chat, or phone calls to reduce the risk and impact of such phishing attacks.
Potential targets must also require multi-factor authentication wherever possible, use up-to-date antivirus and anti-malware solutions, implement strong password policies, and enforce the principle of least privilege across their networks.
The FBI's PIN follows a mid-December warning from Microsoft, which cautioned of a surge in Storm-0539 gift card fraud and theft attacks during the holiday season.
FBI warns of massive wave of road toll SMS phishing attacks.
CISA urges software devs to weed out path traversal vulnerabilities.
FBI warns of fake verification schemes targeting dating app users.
FBI warns against using unlicensed crypto transfer services.
CISA urges software devs to weed out SQL injection vulnerabilities.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 09 May 2024 14:43:06 +0000