Cloud Ransomware Attack: Microsoft Sees Storm-0501 As Threat
Security Boulevard, Friday, October 11th, 2024
Microsoft has recently identified a threat actor known as Storm-0501 targeting government, manufacturing, transportation, and law enforcement sectors in the United States (US) in a cloud ransomware attack campaign. In this article, we'll dive into the details of the campaign and determine how such attacks are carried out. Let's begin!
Storm-0501 is a financially motivated threat actor known to have been active since 2021. As part of its cloud ransomware attack campaigns, the threat actor has targeted education facilities with the Sabbath (54bb47h) ransomware. However, it has now turned into a ransomware-as-a-service (RaaS) affiliate.
Carrying out malicious intents as an affiliate, the threat actor has delivered various ransomware payloads since the transition. Some of these payloads include ransomware, such as the:
- Hive.
- LockBit.
- Embargo
- BlackCat (ALPHV).
- Hunters International.
One of the most notable aspects of these attacks is their hybrid nature. It's believed that the threat actor leverages weak credentials used for over-privileged accounts to gain initial access. After breaching into the on-premise systems, the threat actor expands the attack area by transitioning to the cloud.