Storm-0506


Storm-0569 is an initial access broker that distributes BATLOADER using search engine optimization (SEO) poisoning with websites that spoof Zoom, TeamViewer, Tableau, and AnyDesk. It uses the loader malware to inject the Cobalt Strike payload and transfers access to Storm-0506 for the deployment of the Black Basta ransomware.


Associated Families

There are currently no families associated with this actor.


References
2024-07-29 · Microsoft · Charles-Edouard Bettan, Danielle Kuznets Nohi, Edan Zwick, Meitar Pinto, Vaibhav Deshmukh
Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption
Black Basta Black Basta Storm-0506

2023-12-30 · Rewterz Information Security · Rewterz Information Security
Rewterz Threat Alert – Widely Abused MSIX App Installer Disabled by Microsoft – Active IOCs
EugenLoader POWERTRASH BATLOADER DarkGate FlawedGrace NetSupportManager RAT SectopRAT Storm-0506

Credits: MISP Project