Threat Intelligence, Phishing, Identity

Novel tactic ensures stealthy Atlas Lion attacks

Moroccan cybercrime operation Atlas Lion, which sets its sights on major retailers, restaurants, and other gift card-giving organizations, has been integrating its virtual machines into targeted entities' cloud domains via breached credentials to facilitate covert intrusions, according to The Record, a news site by cybersecurity firm Recorded Future.

Attacks by Atlas Lion commence with the delivery of supposed corporate helpdesk text notifications with links redirecting to phishing sites that lure victims into providing their login credentials and multi-factor authentication codes, which are then used to infiltrate accounts and facilitate device enrollment in the organization's MFA app, a report from cybersecurity firm Expel showed. Moreover, Atlas Lion's subsequent connection of its malicious Windows VM to the targeted organization's domain enabled the evasion of data security requirements concerning unauthorized devices. While such illicit activity was immediately flagged by network defenders, Atlas Lion once again exploited the pilfered credentials to breach the network and scour for data on internal VPN and device management software setups, Bring Your Own Device policy configurations, and gift cards, said Expel researchers.
