SYMBOL | COMMON_NAME | aka. SYNONYMS |
Storm-0940 is a Chinese threat actor active since at least 2021, known for gaining initial access through password spray and brute-force attacks, as well as exploiting network edge applications. Microsoft has observed Storm-0940 utilizing valid credentials obtained from CovertNetwork-1658's password spray operations, indicating a close operational relationship between the two. Once inside a victim environment, Storm-0940 has been seen leveraging compromised credentials for further malicious activities. Additionally, Storm-0940 has employed botnets, such as Quad7, to facilitate password spraying attacks.
There are currently no families associated with this actor.
2024-10-31
⋅
Microsoft
⋅
Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network Storm-0940 |