[threat-actors] Add Storm-1044

clusters/threat-actor.json

@@ -14486,6 +14486,19 @@
       },
       "uuid": "5f71a9ea-511d-4fdd-9807-271ef613f488",
       "value": "Opal Sleet"
+    },
+    {
+      "description": "Storm-1044 has been identified as part of a cyber campaign in collaboration with Twisted Spider. They employ a strategic approach, targeting specific endpoints using an initial access trojan called DanaBot. Once they gain access, Storm-1044 initiates lateral movement through Remote Desktop Protocol sign-in attempts, passing control to Twisted Spider. Twisted Spider then compromises the endpoints by introducing the CACTUS ransomware. Microsoft has detected ongoing malvertising attacks involving Storm-1044, leading to the deployment of CACTUS ransomware.",
+      "meta": {
+        "refs": [
+          "https://twitter.com/MsftSecIntel/status/1730383711437283757"
+        ],
+        "synonyms": [
+          "DEV-1044"
+        ]
+      },
+      "uuid": "5ec7a98e-9725-4f87-8a6e-91e2b4ba04ac",
+      "value": "Storm-1044"
     }
   ],
   "version": 298