[threat-actors] Add Storm-1575

2024-11-22 23:07:19 +00:00 · 2024-02-01 11:02:05 -08:00 · 2024-02-01 11:02:05 -08:00 · e497ec2b38
commit e497ec2b38
parent a42dc67fb6
1 changed files with 11 additions and 0 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -14717,6 +14717,17 @@
      },
      "uuid": "2da09284-be56-49cd-ad18-993a6eb17af2",
      "value": "Storm-0835"
+    },
+    {
+      "description": "Storm-1575 is a threat actor identified by Microsoft as being involved in phishing campaigns using the Dadsec platform. They utilize hundreds of Domain Generated Algorithm domains to host credential harvesting pages and target global organizations to steal Microsoft 365 credentials.",
+      "meta": {
+        "refs": [
+          "https://www.bridewell.com/insights/blogs/detail/analysing-widespread-microsoft365-credential-harvesting-campaign",
+          "https://twitter.com/MsftSecIntel/status/1712936244987019704?lang=en"
+        ]
+      },
+      "uuid": "2485a9cb-b41c-43bd-8b1c-c64e919c0a4e",
+      "value": "Storm-1575"
    }
  ],
  "version": 298