Uptime Hamster: 15d 7h 58mDeploy: 13 Jul 2026 08:04Updated: 2026-07-05
Logo del actor de amenaza Storm-0324

Storm-0324

0 incidentes 0 paises 0 sectores apt Ultimo: -
Aliases: DEV-0324, Sagrid, TA543
Ver en IntelTracker → APTTrail →
Storm-0324, also identified as DEV-0324, TA543, and Sagrid by various researchers, is a financially motivated cybercriminal group that emerged around 2016. The group primarily functions as an initial access broker, specializing in gaining entry to corporate networks and subsequently selling or transferring this access to other threat actors, most notably the ransomware-as-a-service (RaaS) group Sangria Tempest (also known as FIN7 or Carbon Spider), for deploying ransomware. Initially, Storm-0324's operations relied on email-based phishing campaigns. However, in July 2023, the group significantly evolved its tactics by incorporating Microsoft Teams chats as a new vector for distributing malicious lures. Microsoft assigns 'Storm' names to groups where the origin or identity has not been confirmed with high confidence, indicating Storm-0324’s evasive nature and lack of definitive state-sponsorship attribution.

Aliases del actor

DEV-0324SagridTA543

Actores similares

devmanransomware · 184stormousransomware · 177crimson-sandstormactor · 1Network Devicesactor · 1Compromise Software Dependencies and Development Toolsactor · 1Device Driver Discoveryactor · 1Storm-1811actor · 1Storm-0501apt · 1Dust Stormapt · 1CS FQL: 32. Detect Data Exfiltration via external storage devicesactor · 1
Tecnicas MITRE
T1059.001, T1071.001, T1027, T1566.001
CVEs relacionadas
CVE-2023-36884, CVE-2023-21715, CVE-2023-20198
Tipo
apt
Pais origen
-
Motivacion
-
Impacto
47
Actualizado
Sat, 23 Se

Sectores objetivo (SOCRadar)

HospitalsPublic AdministrationRestaurantsInternet PublishingEnergy & Utilities InsuranceAerospace Product and Parts ManufacturingLegal ServicesRemediation and Other Waste Management ServicesBusiness Schools and Computer and Management Training