Trace Id is missing

Meet the experts tracking Storm-0539 gift card fraud

A group of people posing for a photo

Alison Ali, Waymon Ho, Emiel Haeghebaert

Microsoft Threat Intelligence

“What matters is security hardening measures that stop an initial foothold from becoming a major intrusion”.

Alison Ali 
Senior Security Researcher 
Microsoft

Alison Ali, Waymon Ho, and Emiel Haeghebaert came to cybersecurity through very different paths. This group of analysts tracking Storm-0539 has a background that spans international relations, federal law enforcement, security, and government.

Waymon Ho first pursued a degree in computer science with a focus in software engineering but stumbled upon an internship with the Federal Bureau of Investigation (FBI). This changed his trajectory to pursue a cybersecurity career.

“At the FBI, I investigated cybercriminals as a computer scientist and joined Microsoft in 2022 as a senior hunt analyst on the Microsoft Threat Intelligence Center (MSTIC) team, focused on tracking threat actors,” Waymon explains. He is currently a senior security research manager on Microsoft’s Global Hunting, Oversight, and Strategic Triage (GHOST) team.

Waymon says what’s notable about Storm-0539 is their persistence and knowledge of the gift card issuing process. “They identify employees managing gift card portals and locate internal guides outlining how to issue them. They issue cards just under the security limit to ensure authorization and that they remain undetected so they can return and repeat the process,” he adds.

Emiel Haeghebaert’s background spans both technology and international relations. Originally from Belgium, Emiel moved to the United States in 2018 to pursue a degree in security studies at Georgetown University. He’s currently a senior hunt analyst with MSTIC, where he tracks Iranian state-sponsored cyberthreats targeting Microsoft customers and consumers.

Emiel also supports Microsoft incident response engagements related to both financially motivated and state-sponsored threat actors, supporting on-site teams and customers with attribution analysis, threat actor insights, and tailored briefings. With a background in international relations and cybersecurity, Emiel thrives at the intersection of these fields. “Working in cyberthreat intelligence, it’s essential to have not only an understanding of technical matters related to cybersecurity, but also a comprehension of threat actors, their motivations, their priorities, and their sponsors’ strategic objectives,” he says. “My background in history and geopolitics helps me gain a more complete understanding of cybercriminal groups and state-sponsored threat actors.”

Alison Ali came to security in a roundabout way, with a background in linguistics from Georgetown University. She began working at Microsoft in 2022 as a senior security researcher, where she works with teams across Microsoft Security to synthesize information for customers on significant cyberthreats, including financially motivated threat actors. Alison says, “Organizations across all industries are frequently dealing with users affected by large scale attacks like phishing or password sprays— what matters is security hardening measures that stop an initial foothold from becoming a major intrusion.”

Related articles

Inside the growing risk of gift card fraud

Discover why companies issuing gift or payment cards are the favored targets of Storm-0539, a Morocco-based threat actor leveraging cloud environments to attack gift card portals. Review the group’s methods and learn ways to strengthen defenses against their attacks.

Feeding the trust economy: social engineering fraud

Explore an evolving digital landscape where trust is both a currency and a vulnerability. Discover the social engineering fraud tactics cyber attackers use most, and review strategies that can help you identify and outmaneuver social engineering threats designed to manipulate human nature.

Shifting tactics fuel surge in business email compromise

Business email compromise (BEC) is on the rise now that cybercriminals can obscure the source of their attacks to be even more nefarious. Learn about CaaS and how to help protect your organization.

Follow Microsoft Security