[threat-actors] Add Storm-1286

This commit is contained in:
Mathieu4141 2024-02-01 11:02:04 -08:00
parent 68e0ffb006
commit de04fe33e1

View file

@ -14574,6 +14574,16 @@
}, },
"uuid": "b05a2a56-08dc-4827-9aef-aaade91016a4", "uuid": "b05a2a56-08dc-4827-9aef-aaade91016a4",
"value": "Storm-1099" "value": "Storm-1099"
},
{
"description": "Storm-1286 is a threat actor that engages in large-scale spamming activities, primarily targeting user accounts without multifactor authentication enabled. They employ password spraying attacks to compromise these accounts and utilize legacy authentication protocols like IMAP and SMTP. In the past, they have attempted to compromise admin accounts and create new LOB applications with high administrative permissions to spread spam. Despite previous actions taken by Microsoft Threat Intelligence, Storm-1286 continues to explore new methods to establish a high-scale spamming platform within victim organizations using non-privileged users.",
"meta": {
"refs": [
"https://www.microsoft.com/en-us/security/blog/2023/12/12/threat-actors-misuse-oauth-applications-to-automate-financially-driven-attacks/"
]
},
"uuid": "375988ab-91b9-419e-8646-a4783b931288",
"value": "Storm-1286"
} }
], ],
"version": 298 "version": 298