
Storm-0940


Storm-0940 is a Chinese threat actor active since at least 2021, known for gaining initial access through password spray and brute-force attacks, as well as exploiting network edge applications. Microsoft has observed Storm-0940 utilizing valid credentials obtained from CovertNetwork-1658's password spray operations, indicating a close operational relationship between the two. Once inside a victim environment, Storm-0940 has been seen leveraging compromised credentials for further malicious activities. Additionally, Storm-0940 has employed botnets, such as Quad7, to facilitate password spraying attacks.


Associated Families

There are currently no families associated with this actor.


References
2024-10-31, Microsoft, Microsoft Threat Intelligence
Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network
Storm-0940

Credits: MISP Project