FBI Warns of Phishing Attack Targeting Retail Corporate Offices

The Federal Bureau of Investigation (FBI) has warned about a sophisticated phishing and smishing (SMS phishing) campaign orchestrated by a cybercriminal group known as STORM-0539, or Atlas Lion.

This group has been actively targeting the gift card departments of major U.S. retail corporations, creating fraudulent gift cards that have led to significant financial losses.



Tactics and Techniques

STORM-0539 employs a range of tactics to breach corporate security. Initially, they target employees’ personal and work mobile phones with smishing campaigns.

Upon gaining access to an employee’s account, they use advanced phishing kits capable of bypassing multi-factor authentication to conduct further attacks within the network.

Their activities include accessing secure shell (SSH) passwords and keys and targeting employees’ credentials in the gift card departments to create fraudulent gift cards.

In one noted instance, even after a corporation detected and blocked their fraudulent activities, STORM-0539 continued their attacks, adapting their methods to exploit unredeemed gift cards by altering associated email addresses to ones under their control.
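For defenders, the email-swap behavior described above can be watched for in gift card audit data. The following is an added example, not code from the FBI alert or from any retailer: the event fields, card IDs, addresses, and thresholds are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events with a hypothetical schema:
# (timestamp, card_id, redeemed, old_email, new_email)
EVENTS = [
    ("2024-05-01T02:10:00", "GC-1001", False, "alice@example.com", "inbox@example.net"),
    ("2024-05-01T02:14:00", "GC-1002", False, "bob@example.com", "Inbox@example.net"),
    ("2024-05-01T02:31:00", "GC-1003", False, "carol@example.com", "inbox@example.net"),
    # Already redeemed: nothing left to steal, so it is ignored.
    ("2024-05-01T02:33:00", "GC-1004", True, "dan@example.com", "inbox@example.net"),
    # Same destination address, but hours later (outside the default window).
    ("2024-05-01T09:00:00", "GC-1005", False, "erin@example.com", "inbox@example.net"),
    # A single customer updating their own address: expected, not flagged.
    ("2024-05-01T10:00:00", "GC-2001", False, "frank@example.com", "frank.new@example.org"),
]

def flag_email_reassignments(events, window_minutes=60, threshold=3):
    """Return {new_email: [card_ids]} for addresses attached to at least
    `threshold` distinct unredeemed cards within `window_minutes`."""
    window = timedelta(minutes=window_minutes)
    by_email = defaultdict(list)
    for ts, card, redeemed, old, new in events:
        if redeemed or old.lower() == new.lower():
            continue  # only real changes on cards that still hold value
        by_email[new.lower()].append((datetime.fromisoformat(ts), card))

    flagged = {}
    for email, changes in by_email.items():
        changes.sort()
        start = 0
        for end in range(len(changes)):
            # Slide the window start forward until it spans <= window.
            while changes[end][0] - changes[start][0] > window:
                start += 1
            cards = {c for _, c in changes[start:end + 1]}
            if len(cards) >= threshold:
                flagged.setdefault(email, set()).update(cards)
    return {email: sorted(cards) for email, cards in flagged.items()}

if __name__ == "__main__":
    for email, cards in flag_email_reassignments(EVENTS).items():
        print(f"ALERT {email}: {len(cards)} unredeemed cards reassigned: {cards}")
```

In practice the window and threshold would be tuned against normal customer-service volume, and an alert would be joined with the identity of the account that made the change.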

The FBI’s alert highlights STORM-0539’s persistence and adaptability, underscoring the significant threat it poses to corporate security.

The group creates immediate financial losses by issuing fraudulent gift cards and compromising sensitive employee data, which could be used for further attacks or sold for monetary gain.

Mitigation Strategies

The FBI advises organizations to review and update their incident response plans to reduce the risk and impact of phishing and smishing campaigns.


Recommended strategies include:

  • Providing education and training for employees on identifying and reporting phishing/smishing attacks
  • Requiring multi-factor authentication on all accounts and login credentials
  • Enforcing strong password policies and the principle of least privilege
  • Employing anti-virus, anti-malware, and network monitoring tools
  • Implementing SMS filtering and anti-phishing tools

The Cybersecurity and Infrastructure Security Agency (CISA) has also released guidance for network defenders and software manufacturers to help mitigate these threats.

Broader Context of Phishing Scams

Phishing remains a prevalent threat to businesses and individuals. Common tactics include impersonating authority figures or institutions to solicit personal information or financial assets.

During holiday seasons, for instance, phishing attacks often increase, exploiting the high volume of transactions and the urgency of last-minute shopping.

Recent cases, such as exploiting Walmart’s financial services for laundering money through gift cards, illustrate the real-world impacts of such scams.

Victims are often tricked into purchasing gift cards under false pretenses, with criminals quickly laundering the money through various channels before it can be traced.

The continuous evolution of phishing techniques makes it imperative for individuals and organizations to stay vigilant and informed.

By adhering to recommended security practices and maintaining awareness of the latest scam tactics, potential victims can significantly reduce their risk of falling prey to these cyber threats.


Divya is a Senior Journalist at Cyber Security news covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.