Uptime Hamster: 16d 9h 30mDeploy: 14 Jul 2026 21:26Updated: 2026-07-14
Logo del actor de amenaza Storm-2372

Storm-2372

0 incidentes 0 paises 0 sectores apt RU Ultimo: -
Ver en IntelTracker → APTTrail →
Storm-2372 is a threat actor assessed with moderate confidence to be aligned with Russian state interests, first observed engaging in cyber operations in August 2024. The group's primary motivation is espionage, focusing on credential harvesting and data exfiltration from targeted organizations. What distinguishes Storm-2372 is its highly targeted device code phishing campaigns, which exploit the OAuth device code authentication flow, often initiated through social engineering via legitimate third-party messaging applications like WhatsApp, Signal, and Microsoft Teams. This technique allows them to bypass traditional security measures, including multi-factor authentication, to gain unauthorized access to accounts.

Actores similares

stormousransomware · 177crimson-sandstormactor · 1Storm-1811actor · 1Storm-0501apt · 1Dust Stormapt · 1storm-cloudactor · 1unc1549-crimson-sandstormactor · 1smoke-sandstorm-cuboid-saactor · 1Storm-0324apt · 0Storm-2949apt · 0
Tecnicas MITRE
T1528 - Steal Application Access Token, T1078 - Valid Accounts, T1114.002 - Email Collection Remote Email Collection, T1071.001 - Application Layer Protocol Web Protocols, T1566.002 - Phishing Spearphishing Link
Tipo
apt
Pais origen
RU
Motivacion
-
Impacto
23
Actualizado
Wed, 26 Ma

Sectores objetivo (SOCRadar)

Energy & Utilities Information ServicesEducational ServicesHealthCare & Social AssistancePublic AdministrationTelecommunicationsCivic&Social OrganizationsSpace & DefenseData Processing, Hosting, and Related Services