Cyber Criminals Phishing and SMiShing US Retail Corporations for Gift Card Fraud

The Federal Bureau of Investigation (FBI) released this Private Industry Notification (PIN) to highlight cybercriminals’ use of phishing and Short Message Service (SMS) phishing (SMiShing) campaigns against employees at US retail corporate offices in order to create fraudulent gift cards, resulting in financial loss.
As of January, the FBI noted a cybercriminal group labeled STORM-0539, also known as Atlas Lion, targeting national retail corporations, specifically the gift card departments located in their corporate offices. STORM-0539 used SMiShing campaigns to target employees and gain unauthorized access to employee accounts and corporate systems. Once they gained access, STORM-0539 actors used phishing campaigns against other employees to elevate network access and target the gift card department in order to create fraudulent gift cards.
This FBI PIN includes some of the techniques, tactics, and procedures (TTPs) that STORM-0539 actors have been observed using, along with recommended mitigations to reduce the likelihood and impact of similar attack campaigns. It is being provided to assist agencies and organizations in guarding against the persistent malicious actions of cybercriminals.