At least one undisclosed retail/consumer-services organisation
October 23, 2025
•[ financial fraud, account compromise, cloud security ]
Threat cluster Jingle Thief compromises cloud accounts at retailers/consumer services to issue high-value gift cards at scale, maintaining persistence (rogue MFA apps, Entra enrollments) and living-off-the-land in M365; activity spiked AprilMay 2025 and is financially motivated fraud rather than service disruption. Campaign-level intel, not a single-victim event.
Undisclosed South Korean company 4
November 1, 2024
•[ watering hole, exploit, threat actor ]
Watering-hole campaign redirected visitors from financial industry websites to Lazarus-controlled exploit servers.
