| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Storm-1674 is an access broker known for using tools based on the publicly available TeamsPhisher tool to distribute DarkGate malware. Storm-1674 campaigns have typically relied on phishing lures sent over Teams with malicious attachments, such as ZIP files containing a LNK file that ultimately drops DarkGate and Pikabot. In September 2023, Microsoft observed handoffs from Storm-1674 to ransomware operators that have led to Black Basta ransomware deployment.
There are currently no families associated with this actor.
| 2023-12-30
⋅
Rewterz Information Security
⋅
Rewterz Threat Alert – Widely Abused MSIX App Installer Disabled by Microsoft – Active IOCs HijackLoader Storm-1674 |