Storm-2077 is a threat actor attributed to CN, also known as RedNovember, TAG-100. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does Storm-2077 exploit?

Specific CVE exploitation data for Storm-2077 is being tracked. Check the Strobes VI threat actor profile for updates.

Storm-2077

Also known as: RedNovember, TAG-100

Exploited CVEs

Overview

TAG-100 is a cyber-espionage APT that targets government and private sector organizations globally, exploiting vulnerabilities in internet-facing devices such as Citrix NetScaler and F5 BIG-IP for initial access. The group employs open-source tools like Pantegana and SparkRAT for persistence and post-exploitation activities, including credential theft and email data exfiltration. TAG-100 has compromised entities in at least ten countries, including two Asia-Pacific intergovernmental organizations, and focuses on sectors like education, finance, and local government. Their operations highlight the challenges of attribution due to the use of off-the-shelf tools and techniques that overlap with other state-sponsored groups.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database