
"'Once they gain access to an organization, they pursue the type and level of access needed to issue unauthorized gift cards.' The end goal of these efforts is to leverage the issued gift cards for monetary gain by likely reselling them on gray markets. Gift cards make for a lucrative choice as they can be easily redeemed with minimal personal information and are difficult to trace, making it harder for defenders to investigate the fraud."
"It's believed to be active since at least late 2021. Jingle Thief's ability to maintain footholds within compromised organizations for extended periods, in some cases for over a year, makes it a dangerous group. During the time it spends with the environments, the threat actor conducts extensive reconnaissance to map the cloud environment, moves laterally across the cloud, and takes steps to sidestep detection."
Jingle Thief targets cloud environments of retail and consumer services organizations to conduct gift card fraud. Attackers use phishing and smishing to steal credentials, then escalate access to issue unauthorized gift cards, which are likely resold on gray markets. Gift cards are attractive because they can be redeemed with minimal personal information and are hard to trace, complicating investigations. Operations often coincide with festive seasons; the cluster CL-CRI-1032 is attributed to groups tracked as Atlas Lion and Storm-0539 and is believed to originate from Morocco. The group maintains long-term footholds, conducts extensive cloud reconnaissance, moves laterally, and evades detection.
Read at The Hacker News