Storm-2372
0 incidentes
0 paises
0 sectores
apt RU Ultimo: -
Storm-2372 is a threat actor assessed with moderate confidence to be aligned with Russian state interests, first observed engaging in cyber operations in August 2024. The group's primary motivation is espionage, focusing on credential harvesting and data exfiltration from targeted organizations. What distinguishes Storm-2372 is its highly targeted device code phishing campaigns, which exploit the OAuth device code authentication flow, often initiated through social engineering via legitimate third-party messaging applications like WhatsApp, Signal, and Microsoft Teams. This technique allows them to bypass traditional security measures, including multi-factor authentication, to gain unauthorized access to accounts.
Sectores objetivo (SOCRadar)
Energy & Utilities Information ServicesEducational ServicesHealthCare & Social AssistancePublic AdministrationTelecommunicationsCivic&Social OrganizationsSpace & DefenseData Processing, Hosting, and Related Services