Cybercriminals Target Retail Sector in Widespread Gift Card Scheme

Cybersecurity researchers have identified a sophisticated cybercriminal group, dubbed ‘Jingle Thief,’ responsible for targeting the cloud infrastructure of organizations in the retail and consumer services industries. The group’s primary objective is large-scale gift card fraud, resulting in the theft of millions of dollars. According to an analysis released on October 23, 2025, Jingle Thief has developed a systematic approach to infiltrate corporate networks and manipulate systems for financial gain. The attacks specifically focus on compromising organizations that issue gift cards.

Attack Vector: Phishing, Smishing, and Privilege Escalation

The initial point of entry for Jingle Thief involves social engineering tactics. Researchers Stav Setty and Shachar Roitman from Palo Alto Networks Unit 42 detailed the group’s methods in a recent analysis. “Jingle Thief attackers use phishing and smishing to steal credentials, to compromise organizations that issue gift cards,” the researchers stated. “Once they gain access to an organization, they pursue the type and level of access needed to issue unauthorized gift cards.” This reveals a multi-stage attack that begins with credential theft and culminates in the attackers gaining sufficient control over internal systems to generate fraudulent gift cards at will.

The ultimate goal of these intrusions is to monetize the fraudulently issued gift cards. Jingle Thief leverages these cards for profit by reselling them on gray markets. Gift cards are an especially lucrative target for threat actors because they are difficult to trace and can be redeemed with minimal personal information. This characteristic makes it significantly harder for security teams and law enforcement to investigate the fraud and track the perpetrators. The name ‘Jingle Thief’ was chosen as a nod to the threat actor’s specific pattern of conduct.

Source: https://thehackernews.com/2025/10/jingle-thief-hackers-exploit-cloud.html