Malware distributor Storm-0324 facilitates ransomware access
Are you prepared for Storm-0324, an active cyber-crime group that infiltrates networks and acts as a distributor for other attack payloads, including ransomware and infostealer payloads. Beginning in July 2023, Storm-0324 was observed distributing payloads using an open-source tool to send phishing lures through Microsoft Teams chats. Because Storm-0324 hands off access to other threat actors, identifying and remediating Storm-0324 activity can prevent more dangerous follow-on attacks like ransomware. In this blog, we provide a comprehensive analysis of Storm-0324—a cyber-criminal group—and their established tools, tactics, and procedures (TTPs) as well as their more recent attacks. To defend against this threat actor, Microsoft customers can use Microsoft 365 Defender to detect Storm-0324 activity and significantly limit the impact of these attacks on networks. Read this Microsoft article to find out how to defend against this complex threat.