
Storm-0473

aka: UNC2849

Storm-0473 (Tomiris) is a threat actor active since at least 2019. It primarily targets government and diplomatic entities in the Commonwealth of Independent States (CIS) region; the occasional victims outside that region are typically foreign representations of CIS countries. Tomiris uses a wide variety of malware implants, including downloaders, backdoors, and file stealers, developed in several programming languages, and employs attack vectors such as spear-phishing, DNS hijacking, and exploitation of vulnerabilities. Kaspersky has noted potential ties between Tomiris and Turla but considers them separate threat actors with distinct targeting and tradecraft.


Associated Families

There are currently no families associated with this actor.


References
2024-12-04 - Microsoft - Microsoft Threat Intelligence
  Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage
  Tags: Crimson RAT, MiniPocket, TwoDash, Wainscot, Operation C-Major, Storm-0473

2023-04-24 - Kaspersky Labs - Ivan Kwiatkowski, Pierre Delcher
  Tomiris called, they want their Turla malware back
  Tags: KopiLuwak, Andromeda, Ave Maria, GoldMax, JLORAT, Kazuar, Meterpreter, QUIETCANARY, RATel, Roopy, Telemiris, tomiris, Topinambour, Storm-0473

2022-04-27 - Kaspersky Labs - GReAT
  APT trends report Q1 2022
  Tags: Fishing Elephant, Storm-0473

2021-09-29 - Kaspersky Labs - Ivan Kwiatkowski, Pierre Delcher
  DarkHalo after SolarWinds: the Tomiris connection (UNC2849)
  Tags: tomiris, Storm-0473

Credits: MISP Project