Storm-2949
0 incidentes
0 paises
0 sectores
apt Ultimo: -
Storm-2949 is a threat actor first identified in 2026 that conducts multi-phase, identity-driven cloud breach campaigns, primarily targeting Microsoft 365 and Azure environments. The group's primary motivation is corporate espionage through the exfiltration of sensitive data from high-value organizational assets. What distinguishes Storm-2949 is its method of operation, which largely forgoes traditional malware and zero-day exploits in favor of abusing legitimate cloud features, built-in administrative tools, and identity services to achieve control-plane and data-plane access. This approach allows their activities to blend into normal administrative behavior, making detection challenging.