Sophisticated Smishing Compromises Employee Accounts, Accesses Corporate Gift Card Systems

STORM-0539 Smishing compromises employees accounts

We at SlashNext want to draw attention to the alarming trend of cybercriminals exploiting advanced techniques to target retail corporations, as highlighted in the recent FBI Private Industry Notification (PIN). The threat actor group known as STORM-0539 has been conducting sophisticated smishing campaigns to compromise employee accounts and gain unauthorized access to corporate gift card systems.

STORM-0539’s tactics are particularly concerning because of their ability to bypass multi-factor authentication and pivot within the network to locate and exploit gift card systems. By targeting employees’ personal and work mobile phones with smishing attacks, the group gains an initial foothold. They then conduct reconnaissance to identify the gift card business process and target employee accounts with elevated privileges.

Once inside the gift card systems, STORM-0539 has demonstrated the capability to create fraudulent gift cards using compromised employee accounts. Even more troubling, when corporations implement controls to prevent fraudulent gift card creation, the group adapts by changing email addresses on unredeemed gift cards to ones they control, allowing them to siphon off the funds.

At SlashNext, we recognize the growing threat of advanced phishing and smishing attacks targeting enterprises. Our solutions are purpose-built to stop these types of sophisticated, multi-channel attacks. By leveraging GenAI and machine learning, SlashNext can detect and block smishing attempts and malicious links across mobile apps, email, and web browsers. This multi-layered approach is crucial for preventing threat actors like STORM-0539 from gaining that initial foothold via smishing.

Furthermore, our AI-driven behavioral analysis can identify unusual activity within corporate networks, such as reconnaissance and lateral movement, enabling swift detection and response to gift card system compromise. By continuously learning communication patterns and writing styles, SlashNext’s generative AI can more accurately spot business email compromise and social engineering attempts that deviate from the norm.

As cybercriminals continue to evolve their tactics, enterprises must adopt advanced, AI-powered security solutions to stay one step ahead. At SlashNext, we remain committed to innovating and delivering the cutting-edge technologies needed to protect organizations from these ever-growing threats.

Discover how SlashNext can extend your protection across email, mobile, and web messaging apps. Request your personalized demo today.

It’s Time to Get Started with SlashNext

Experience the difference with broad phishing threat coverage and automated delivery.