SYMBOL | COMMON_NAME | aka. SYNONYMS |
Storm-0569 is an initial access broker that distributes BATLOADER using search engine optimization (SEO) poisoning with websites that spoof Zoom, TeamViewer, Tableau, and AnyDesk. It uses the loader malware to inject the Cobalt Strike payload and transfers access to Storm-0506 for the deployment of the Black Basta ransomware.
There are currently no families associated with this actor.
2024-07-29
⋅
Microsoft
⋅
Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption Black Basta Black Basta Storm-0506 |
2023-12-30
⋅
Rewterz Information Security
⋅
Rewterz Threat Alert – Widely Abused MSIX App Installer Disabled by Microsoft – Active IOCs EugenLoader POWERTRASH BATLOADER DarkGate FlawedGrace NetSupportManager RAT SectopRAT Storm-0506 |