Moroccan cybercrime group impersonates nonprofits and abuses cloud services to rake in gift card cash
摩洛哥网络犯罪组织冒充非营利组织并滥用云服务来骗取礼品卡现金

A highly successful, financially motivated crime group has been impersonating nonprofit organizations to obtain reduced rates or even free access to cloud accounts, which it then uses to operate an increasing number of gift card theft scams targeting top U.S. retailers, researchers with Microsoft said Thursday.
微软研究人员周四表示，一个非常成功的、出于经济动机的犯罪团伙一直冒充非营利组织，以获取更低的费率，甚至免费访问云帐户，然后利用这些帐户来实施越来越多针对美国顶级零售商的礼品卡盗窃骗局。

The researchers said activity tied to the group, tracked by Microsoft as Storm-0539 or Atlas Lion and active since late 2021, has increased 30% between since March, following a 60% increase in intrusion activity between September and December of 2023, according to research compiled by Microsoft and set to be presented at the annual Sleuthcon cybercrime conference Friday.
研究人员表示，与该组织相关的活动（被微软追踪为 Storm-0539 或 Atlas Lion，自2021年底以来一直活跃）的数据显示，自3月份以来，该组织的入侵活动增加了30%，而2023年9月至12月期间的入侵活动增加了 60%。微软编制的研究报告将于周五在年度 Sleuthcon 网络犯罪会议上公布。

The group specializes in targeting major retailers, mostly in the United States, by focusing on key employees or offices within those companies that control payment and gift card operations. After successfully phishing those employees, the attackers gain the ability to navigate intricate cloud environments, as well as specific company procedures, to maximize the amount of money that can be stolen via fraudulently issued payment or gift cards.
该组织专门针对主要零售商（主要在美国），重点关注那些控制支付和礼品卡业务的公司内的关键员工或办公室。成功对这些员工进行网络钓鱼后，攻击者能够浏览复杂的云环境以及特定的公司程序，以最大限度地通过欺诈性发放的支付或礼品卡窃取资金。