Storm-0940

Also known as: CovertNetwork-1658 · ORB07 · Storm-0940

Origin: CN
Known aliases: 3

Profile

Storm-0940 is a Chinese threat actor active since at least 2021, known for gaining initial access through password spray and brute-force attacks, as well as exploiting network edge applications. Microsoft has observed Storm-0940 utilizing valid credentials obtained from CovertNetwork-1658's password spray operations, indicating a close operational relationship between the two. Once inside a victim environment, Storm-0940 has been seen leveraging compromised credentials for further malicious activities. Additionally, Storm-0940 has employed botnets, such as Quad7, to facilitate password spraying attacks.

Aliases · 3

CovertNetwork-1658 · ORB07 · Storm-0940

References

  1. https://www.microsoft.com/en-us/security/blog/2024/10/31/chinese-threat-actor-storm-0940-uses-credentials-from-password-spray-attacks-from-a-covert-network/

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. Actor: Storm-0558
  2. Actor: Storm-1044
  3. Actor: UNC4540
  4. Actor: Storm-0539
  5. Actor: Storm-0062
  6. Actor: Storm-0867

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.