Jingle Thief cloud phishing and smishing gift card fraud campaign
Campaign
Summary
Hide ▲
Show ▼
The Jingle Thief campaign is actively using phishing and smishing to steal cloud credentials and drive unauthorized gift card fraud against retail and consumer services organizations. Researchers observed a wave of coordinated attacks in April and May 2025, and the cluster has been active since at least late 2021. The operation matters because intruders can keep prolonged cloud access, broaden their foothold, and issue gift cards at scale with minimal traceability.
Related Happenings
Organization hit by network compromise linked to Velvet Ant
Incident
H score35
First: 13.06.2026 17:06
Last: 13.06.2026 17:06
Sources 1
About this happening:
A **target organization** suffered a **10-year authentication stack compromise** that exposed **administrative activity** inside an **isolated critical infrastructure network**. T...
Organization hit by network compromise linked to Velvet Ant
IncidentAbout this happening: A **target organization** suffered a **10-year authentication stack compromise** that exposed **administrative activity** inside an **isolated critical infrastructure network**. T...
Senior executive at major global stock exchange hit by data theft breach
Incident
H score7
First: 03.06.2026 15:46
Last: 03.06.2026 15:46
Sources 1
About this happening:
A senior executive at a major global stock exchange suffered an **email account compromise** that enabled **months of unauthorized mailbox access** and data theft. The intrusion b...
Senior executive at major global stock exchange hit by data theft breach
IncidentAbout this happening: A senior executive at a major global stock exchange suffered an **email account compromise** that enabled **months of unauthorized mailbox access** and data theft. The intrusion b...
Storm-2949 Microsoft 365 and Azure data-theft campaign
Campaign
H score33
First: 19.05.2026 22:35
Last: 19.05.2026 22:35
Sources 1
About this happening:
The **Storm-2949** campaign is targeting **Microsoft 365 and Azure production environments** to steal sensitive data, increasing the risk of privileged-account takeover and cloud...
Storm-2949 Microsoft 365 and Azure data-theft campaign
CampaignAbout this happening: The **Storm-2949** campaign is targeting **Microsoft 365 and Azure production environments** to steal sensitive data, increasing the risk of privileged-account takeover and cloud...
PCPJack credential theft framework worms across exposed cloud infrastructure
Malware Activity
H score27
First: 08.05.2026 12:00
Last: 08.05.2026 12:00
Sources 1
About this happening:
The **PCPJack** malware activity is extending a **credential-theft** operation across **exposed cloud infrastructure**, stripping **TeamPCP** artifacts and stealing access from se...
PCPJack credential theft framework worms across exposed cloud infrastructure
Malware ActivityAbout this happening: The **PCPJack** malware activity is extending a **credential-theft** operation across **exposed cloud infrastructure**, stripping **TeamPCP** artifacts and stealing access from se...
QR code phishing surged across email threats in Q1 2026
Trend
H score73
First: 05.05.2026 09:35
Last: 05.05.2026 09:35
Sources 1
About this happening:
**Q1 2026** email-threat telemetry shows **QR code phishing** and **CAPTCHA-gated phishing** rising quickly, increasing the risk of **credential theft** across **organizations**....
QR code phishing surged across email threats in Q1 2026
TrendAbout this happening: **Q1 2026** email-threat telemetry shows **QR code phishing** and **CAPTCHA-gated phishing** rising quickly, increasing the risk of **credential theft** across **organizations**....
Timeline
-
23.10.2025 10:52 2 articles · 8mo ago
Jingle Thief cloud phishing and smishing gift card fraud campaign
Initial DisclosureIn **April and May 2025**, **Jingle Thief** entered a coordinated credential-theft phase by sending **phishing and smishing** lures to capture **Microsoft 365** logins. That initial access was then used to search for gift-card issuance workflows and prepare follow-on fraud.
Show sources
- “Jingle Thief” Hackers Exploit Cloud Infrastructure to Steal Millions in Gift Cards — thehackernews.com — 23.10.2025 10:52
- “Jingle Thief” Hackers Exploit Cloud Infrastructure to Steal Millions in Gift Cards — thehackernews.com — 23.10.2025 10:52