Scammers are targeting cloud systems to make off with hauls of gift cards

News
By published

Gift cards are ideal for hackers since they can easily be redeemed or sold

Phishing phone call scams vishing - concept. Cellphone with fishing hook, credit cards, gift cards
(Image credit: Shutterstock / MargJohnsonVA)
  • Atlas Lion used phishing to infiltrate gift card systems and impersonate authorized employees
  • Attackers mapped infrastructure, avoided malware, and exploited internal workflows to steal gift cards
  • Gift cards are fast, untraceable, and easily resold; access lasted nearly a year

A Moroccan hacking collective has been targeting companies issuing gift cards for years, infiltrating their systems, stealing the cards, and likely reselling them on the black market for profit, new research has claimed.

Researchers at Unit 42 from Palo Alto Networks dubbed the campaign “Jingle Thief”, since it’s most active during the festive season.

As per the report, the group tracked as “Atlas Lion”, or “Storm-0539”, would first carefully pick its target, and try to learn as much about it as possible, before reaching out to its employees with convincing phishing lures. These lures would help them gain initial access, which they would then use to map out the IT infrastructure, with a specific focus on SharePoint and OneDrive.

Why gift cards?

They would then look for gift card issuance workflows, ticketing system exports or instructions, VPN configuration and access guides, spreadsheets or internal tools used to issue or track gift cards, organizational virtual machines, Citrix environments, and more.

Instead of dropping malware (which would probably raise a few alarms), to gain an even better foothold on the victim, the attackers would rely on internal phishing, targeting employees with fake IT service notifications, ticketing updates, and more.

After identifying gift card issuance processes, they would impersonate authorized users to request or approve gift card transactions, effectively stealing them.

Gift cards are popular with cybercriminals because they’re fast, fungible, and hard to trace. The value they provide is almost instant, and comes without the banking traces usually found in wire transfers.

Once redeemed, the funds from gift cards move into accounts, or are spent, which makes both recovery, and attribution, rather difficult. At the same time, cybercrooks can easily resell and convert them on dark web marketplaces.

Atlas Lion is playing for the long run, Unit 42 concluded, saying that in the campaign it observed, they maintained access for almost a year, and compromised more than 60 user accounts within a single global enterprise.

The researchers didn’t say how much money was stolen this way.

Via The Hacker News

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.