[threat-actors] Add Storm-1295

This commit is contained in:
Mathieu4141 2024-02-01 11:02:01 -08:00
parent 76430b605e
commit 475dc88296

View file

@ -14437,6 +14437,20 @@
}, },
"uuid": "dd012c50-4f4f-4485-ac52-294a341f03e5", "uuid": "dd012c50-4f4f-4485-ac52-294a341f03e5",
"value": "Phlox Tempest" "value": "Phlox Tempest"
},
{
"description": "Storm-1295 is a threat actor group that operates the Greatness phishing-as-a-service platform. They utilize synchronous relay servers to present targets with a replica of a sign-in page, resembling traditional phishing attacks. Their adversary-in-the-middle capability allows Storm-1295 to offer their services to other attackers. Active since mid-2022, Storm-1295 is tracked by Microsoft and is known for their involvement in the Greatness PhaaS platform.",
"meta": {
"refs": [
"https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/monthly-news-july-2023/ba-p/3860740",
"https://twitter.com/MsftSecIntel/status/1696273952870367320"
],
"synonyms": [
"DEV-1295"
]
},
"uuid": "5f485e47-18ad-4302-85a1-0a390fe90dc1",
"value": "Storm-1295"
} }
], ],
"version": 298 "version": 298