- Atlas Lion used phishing to infiltrate gift card systems and impersonate authorized employees
- Attackers mapped infrastructure, avoided malware, and exploited internal workflows to steal gift cards
- Gift cards are fast, untraceable, and easily resold; access lasted almost a year
A Moroccan hacking collective has been targeting companies issuing gift cards for years, infiltrating their systems, stealing the cards, and likely reselling them on the black market for profit, new research has claimed.
Researchers at Unit 42 from Palo Alto Networks dubbed the campaign “Jingle Thief”, because it’s most active during the festive season.
According to the report, the group, tracked as “Atlas Lion” or “Storm-0539”, would first carefully choose its target and try to learn as much about it as possible before reaching out to its employees with convincing phishing lures. These lures would help them gain initial access, which they’d then use to map out the IT infrastructure, with a particular focus on SharePoint and OneDrive.
Why gift cards?
They would then look for gift card issuance workflows, ticketing system exports or instructions, VPN configuration and access guides, spreadsheets or internal tools used to issue or track gift cards, organizational virtual machines, Citrix environments, and more.
Instead of dropping malware (which would probably raise a few alarms), to gain an even better foothold on the victim, the attackers would rely on internal phishing, targeting employees with fake IT service notifications, ticketing updates, and more.
After identifying gift card issuance processes, they’d impersonate authorized users to request or approve gift card transactions, effectively stealing them.
Gift cards are popular with cybercriminals because they’re fast, fungible, and hard to trace. The value they provide is almost instant, and comes without the banking traces usually found in wire transfers.
Once redeemed, the funds from gift cards move into accounts, or are spent, which makes both recovery and attribution rather difficult. At the same time, cybercrooks can easily resell and convert them on dark web marketplaces.
Atlas Lion is playing the long game, Unit 42 concluded, saying that in the campaign it observed, they maintained access for almost a year, and compromised more than 60 user accounts within a single global enterprise.
The researchers didn’t say how much money was stolen this way.
Via The Hacker News
