Storm-1044

MISP

Type:
Unknown

Country:
Unknown

First seen:
Unknown

Details:

Storm-1044 has been identified as part of a cyber campaign in collaboration with Twisted Spider. They employ a strategic approach, targeting specific endpoints using an initial access trojan called DanaBot. Once they gain access, Storm-1044 initiates lateral movement through Remote Desktop Protocol sign-in attempts, passing control to Twisted Spider. Twisted Spider then compromises the endpoints by introducing the CACTUS ransomware. Microsoft has detected ongoing malvertising attacks involving Storm-1044, leading to the deployment of CACTUS ransomware.

References (1)

twitter.com - 1730383711437283757

Aliases (107)

DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044 DEV-1044

Metadata

ID:	599
Created:	13/01/2026 17:48
Updated:	08/03/2026 04:00