Palo Alto Networks Unit 42 has posted new research called “Jingle Thief“—a campaign in which Morocco-based threat actors are exploiting Microsoft 365 environments to conduct large-scale gift card fraud against global retail enterprises. With the holiday shopping season approaching, these operations are expected to intensify in scale and frequency.
The research details a multi-stage campaign where attackers use phishing and smishing to infiltrate retail organizations, identify and compromise those with gift card administration privileges, and ultimately issue themselves massive quantities of gift cards. These actors employ sophisticated evasion techniques—including configuring inbox rules for silent exfiltration and deletion of sent messages—that have not been publicly detailed until now.
Key insights from the research include:
- A shift from endpoint-based intrusions to cloud-native, identity-driven attacks that leverage Microsoft 365 services.
- How these attackers exploit trusted environments such as SharePoint, OneDrive, and Entra ID to execute large-scale gift card fraud, and evade detection for months.
- Broader context on how financially motivated groups are adopting APT-level tactics, mirroring the persistence and stealth of nation-state actors.
You can read the research here.
Like this:
Like Loading...
Related
This entry was posted on October 22, 2025 at 10:16 am and is filed under Commentary with tags Palo Alto Networks. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Threat Actors Target Global Retailers with Cloud-Based Gift Card Campaign
Palo Alto Networks Unit 42 has posted new research called “Jingle Thief“—a campaign in which Morocco-based threat actors are exploiting Microsoft 365 environments to conduct large-scale gift card fraud against global retail enterprises. With the holiday shopping season approaching, these operations are expected to intensify in scale and frequency.
The research details a multi-stage campaign where attackers use phishing and smishing to infiltrate retail organizations, identify and compromise those with gift card administration privileges, and ultimately issue themselves massive quantities of gift cards. These actors employ sophisticated evasion techniques—including configuring inbox rules for silent exfiltration and deletion of sent messages—that have not been publicly detailed until now.
Key insights from the research include:
You can read the research here.
Share this:
Like this:
Related
This entry was posted on October 22, 2025 at 10:16 am and is filed under Commentary with tags Palo Alto Networks. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.