| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Storm-2460 is a threat actor that has exploited elevation of privilege vulnerabilities to deploy PipeMagic malware and ransomware, enabling them to escalate access within compromised environments. They have been observed using the certutil utility to download malware from compromised legitimate third-party websites. Ransomware activity associated with Storm-2460 includes file encryption and the deployment of a ransom note named !_READ_ME_REXX2_!.txt. Microsoft recommends prioritizing security updates for elevation of privilege vulnerabilities to mitigate the impact of this actor's activities.
There are currently no families associated with this actor.
| 2025-04-08
⋅
Microsoft
⋅
Exploitation of CLFS zero-day leads to ransomware activity RansomEXX Storm-2460 |