Storm-0249 is a threat actor, also known as DEV-0249. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does Storm-0249 exploit?

Specific CVE exploitation data for Storm-0249 is being tracked. Check the Strobes VI threat actor profile for updates.

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001

Storm-0249

Also known as: DEV-0249

Financial Gain

Exploited CVEs

Overview

Storm-0249 is an access broker active since 2021, known for distributing BazaLoader, IcedID, Bumblebee, and Emotet malware. The actor primarily employs phishing emails to deliver malware payloads, as evidenced by a campaign involving tax-themed emails that aimed to distribute BRc4 and Latrodectus malware. Storm-0249 has facilitated initial access for other threat actors, such as Storm-0501, by leveraging compromised credentials and exploiting known vulnerabilities in public-facing servers. Microsoft has detected malicious PDF attachments associated with Storm-0249's phishing campaigns.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database