Storm-1084 is a threat actor that has been observed collaborating with the MuddyWater group. They have used the DarkBit persona to mask their involvement in targeted attacks. Storm-1084 has been linked to destructive actions, including the encryption of on-premises devices and deletion of cloud resources. They have been observed using tools such as Rport, Ligolo, and a customized PowerShell backdoor. The extent of their autonomy or collaboration with other Iranian threat actors is currently unclear.
There are currently no families associated with this actor.
2023-08-24 ⋅ circleid ⋅ Signs of MuddyWater Developments Found in the DNS [PhonyC2, Storm-1084]
2023-04-07 ⋅ Microsoft ⋅ MERCURY and DEV-1084: Destructive attack on hybrid environment [DarkBit, Storm-1084]