Storm-1977 is a threat actor. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does Storm-1977 exploit?

Specific CVE exploitation data for Storm-1977 is being tracked. Check the Strobes VI threat actor profile for updates.

Storm-1977

Exploited CVEs

Overview

Storm-1977 is a sophisticated threat actor that conducts password-spraying attacks targeting cloud tenants, particularly in the education sector, utilizing the AzureChecker.exe CLI tool as their primary infection vector. They have successfully compromised over 200 containers, repurposing them for cryptocurrency mining operations by leveraging guest accounts to create new resource groups within compromised subscriptions. Microsoft Threat Intelligence researchers have identified unique operational patterns that distinguish Storm-1977 from other cryptomining threat actors. The group exploits compromised accounts as a primary attack surface in their operations.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database