Storm-1044 is a threat actor, also known as DEV-1044. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does Storm-1044 exploit?

Specific CVE exploitation data for Storm-1044 is being tracked. Check the Strobes VI threat actor profile for updates.

Storm-1044

Also known as: DEV-1044

Exploited CVEs

Overview

Storm-1044 has been identified as part of a cyber campaign in collaboration with Twisted Spider. They employ a strategic approach, targeting specific endpoints using an initial access trojan called DanaBot. Once they gain access, Storm-1044 initiates lateral movement through Remote Desktop Protocol sign-in attempts, passing control to Twisted Spider. Twisted Spider then compromises the endpoints by introducing the CACTUS ransomware. Microsoft has detected ongoing malvertising attacks involving Storm-1044, leading to the deployment of CACTUS ransomware.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database