Uptime Hamster: 15d 3h 4mDeploy: 13 Jul 2026 08:04Updated: 2026-07-14
Logo del actor de amenaza Storm Cloud

Storm Cloud

0 incidentes 0 paises 0 sectores apt CN Ultimo: -
Aliases: como Holy Water, Godlike12, SweetAlerts, Strategic web compromise (watering hole), Holy Water, Holy Water sugiere una tradición de actividades persistentes
Ver en IntelTracker → APTTrail →
Storm Cloud is a threat actor identified in 2020, known for conducting highly targeted cyber espionage operations. This group is assessed to be affiliated with China and primarily focuses on government entities, defense organizations, and the aerospace sector. Their core motivation is cyber espionage, aiming to exfiltrate sensitive data and intellectual property. The group is characterized by its use of custom malware, personalized spear-phishing campaigns, and the exploitation of zero-day vulnerabilities. Notably, Storm Cloud was observed targeting the Tibetan community through fake Flash campaigns. It is important to differentiate 'Storm Cloud' from other threat actors designated by Microsoft using the 'Storm-####' naming convention, such as Storm-0501 (a financially motivated ransomware group) or Storm-0558 (another China-linked cyber espionage group with distinct TTPs), as 'Storm Cloud' is not an alias for these groups.

Aliases del actor

como Holy WaterGodlike12SweetAlertsStrategic web compromise (watering hole)Holy WaterHoly Water sugiere una tradición de actividades persistentes

Actores similares

HolyWaterapt · 0Water Bakunawaapt · 0blackwaterransomware · 11holyghostransomware · 2clearwateractor · 1MuddyWaterapt · 1muddywateractor · 1Water Labbuapt · 0Water Gamayunapt · 0Water Saciapt · 0
Tecnicas MITRE
T1571, T1210, T1566.001, T1078
Tipo
apt
Pais origen
CN
Motivacion
-
Impacto
47
Actualizado
Sat, 25 No

Sectores objetivo (SOCRadar)

Public AdministrationSpace & DefenseManagement, Scientific, and Technical Consulting ServicesGrantmaking and Giving Services