Storm-1044Storm-1044

Also known as: DEV-1044 · Storm-1044

Known aliases
2

Profile

Storm-1044 has been identified as part of a cyber campaign in collaboration with Twisted Spider. They employ a strategic approach, targeting specific endpoints using an initial access trojan called DanaBot. Once they gain access, Storm-1044 initiates lateral movement through Remote Desktop Protocol sign-in attempts, passing control to Twisted Spider. Twisted Spider then compromises the endpoints by introducing the CACTUS ransomware. Microsoft has detected ongoing malvertising attacks involving Storm-1044, leading to the deployment of CACTUS ransomware.

Aliases· 2

DEV-1044Storm-1044

References

  1. https://twitter.com/MsftSecIntel/status/1730383711437283757

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
Storm-1084
Actor
Storm-0940
Actor
Storm-0324
Actor
Storm-0826
Actor
Storm-1674
Actor
Storm-0494
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.