[threat-actors] Add Storm-1567

This commit is contained in:
Mathieu4141 2024-02-01 11:02:05 -08:00
parent eb8db810c0
commit 7607dc70cf

View file

@ -14662,6 +14662,23 @@
}, },
"uuid": "e18dca82-0524-4338-9a66-e13e67c81ac4", "uuid": "e18dca82-0524-4338-9a66-e13e67c81ac4",
"value": "Storm-1152" "value": "Storm-1152"
},
{
"description": "Storm-1567 is the threat actor behind the Ransomware-as-a-Service Akira. They attacked Swedish organizations in March 2023. This ransomware utilizes the ChaCha encryption algorithm, PowerShell, and Windows Management Instrumentation (WMI). Microsoft's Defender for Endpoint successfully blocked a large-scale hacking campaign carried out by Storm-1567, highlighting the effectiveness of their security solution.",
"meta": {
"refs": [
"https://news.sophos.com/en-us/2023/12/20/cryptoguard-an-asymmetric-approach-to-the-ransomware-battle/",
"https://securelist.com/crimeware-report-fakesg-akira-amos/111483/",
"https://www.trellix.com/en-us/about/newsroom/stories/research/akira-ransomware.html",
"https://blog.sekoia.io/sekoia-io-mid-2023-ransomware-threat-landscape",
"https://decoded.avast.io/threatresearch/avast-q2-2023-threat-report/"
],
"synonyms": [
"Akira"
]
},
"uuid": "3a912680-6f38-4fe7-9941-744f0e2280b3",
"value": "Storm-1567"
} }
], ],
"version": 298 "version": 298