Uptime Hamster: 15d 5h 18mDeploy: 13 Jul 2026 08:04Updated: 2026-07-14
Logo del actor de amenaza Storm-0501

Storm-0501

1 incidentes 1 paises 0 sectores apt LV Ultimo: 2026-05-25
Ver en IntelTracker → APTTrail →
Storm-0501 is a financially motivated cybercriminal group that emerged in 2021, initially deploying Sabbath ransomware against US school districts. The group rapidly evolved to adopt a Ransomware-as-a-Service (RaaS) model, integrating various ransomware strains such as Hive, BlackCat, Hunters International, LockBit, INC, Lynx, and Embargo into its operations. A significant shift in their methodology occurred in 2024 and 2025, moving towards cloud-native ransomware tactics where they abuse legitimate cloud features and capabilities for data exfiltration and destruction, rather than relying solely on traditional malware deployment. This group is distinguished by its adaptive strategy, including a quick pivot following the takedown of the Hive RaaS network, and its proficiency in exploiting hybrid cloud environments, moving seamlessly between on-premises and cloud infrastructures. Storm-0501 is also known by the alias Hunters International.

Actores similares

stormousransomware · 177crimson-sandstormactor · 1Storm-1811actor · 1Dust Stormapt · 1storm-cloudactor · 1unc1549-crimson-sandstormactor · 1smoke-sandstorm-cuboid-saactor · 1Storm-0324apt · 0Storm-2372apt · 0Storm-2949apt · 0
Tecnicas MITRE
T1614, T1555.006, T1078, T1036.004, T1486, T1003
CVEs relacionadas
CVE-2025-8424, CVE-2025-7776, CVE-2025-7775, CVE-2025-5482, CVE-2025-5470, CVE-2025-53786
Victimas
0
TTPs unicas
0
Info robada historica
N/D
Rescates reclamados
N/D
Pagos detectados
N/D

Paises afectados

United States (1)

Sectores objetivo (SOCRadar)

Agriculture&ForestryEnergy & Utilities ManufacturingTransportation&WarehousingInformation ServicesFinanceHealthCare & Social AssistancePublic AdministrationJustice & Safety ActivitiesSpace & Defense