Storm-1674Storm-1674

Also known as: Storm-1674

Known aliases
1

Profile

Storm-1674 is an access broker known for using tools based on the publicly available TeamsPhisher tool to distribute DarkGate malware. Storm-1674 campaigns have typically relied on phishing lures sent over Teams with malicious attachments, such as ZIP files containing a LNK file that ultimately drops DarkGate and Pikabot. In September 2023, Microsoft observed handoffs from Storm-1674 to ransomware operators that have led to Black Basta ransomware deployment.

Aliases· 1

Storm-1674

References

  1. https://www.microsoft.com/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
  2. https://www.rewterz.com/rewterz-news/rewterz-threat-alert-widely-abused-msix-app-installer-disabled-by-microsoft-active-iocs/

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
Storm-0506
Actor
Storm-0826
Actor
Storm-0324
Actor
Storm-1084
Actor
Storm-0940
Actor
Storm-0249
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.