mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-29 18:27:19 +00:00
[threat-actors] Add Storm-0501
This commit is contained in:
parent
3b57092dd1
commit
50b2ad7c23
1 changed files with 10 additions and 0 deletions
|
@ -16885,6 +16885,16 @@
|
||||||
},
|
},
|
||||||
"uuid": "7b14f285-86e9-47da-be1a-16ce566c428b",
|
"uuid": "7b14f285-86e9-47da-be1a-16ce566c428b",
|
||||||
"value": "Handala"
|
"value": "Handala"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "Storm-0501 is a financially motivated cybercriminal group that has been active since 2021, initially targeting US school districts with the Sabbath ransomware and later transitioning to a RaaS model deploying various ransomware strains, including Embargo. The group exploits weak credentials and over-privileged accounts to achieve lateral movement from on-premises environments to cloud infrastructures, establishing persistent backdoor access and deploying ransomware. They have utilized techniques such as credential theft, exploiting vulnerabilities in Zoho ManageEngine and Citrix NetScaler, and employing tools like Cobalt Strike and Rclone for lateral movement and data exfiltration. Storm-0501 has specifically targeted sectors such as government, manufacturing, transportation, and law enforcement in the United States.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.microsoft.com/en-us/security/blog/2024/09/26/storm-0501-ransomware-attacks-expanding-to-hybrid-cloud-environments/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "f6a60403-4bcc-4fc6-ac07-abb913c1f080",
|
||||||
|
"value": "Storm-0501"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 315
|
"version": 315
|
||||||
|
|
Loading…
Reference in a new issue