Storm-0501 Hits Enterprise With ‘Cloud-Based Ransomware’ Attack www.darkreading.com/cloud-sec…
The march of progress continues, as a threat actor has now pulled off an attack described as “cloud-based ransomware.”
Microsoft on Aug. 27 published research concerning Storm-0501, a ransomware actor that has been active since 2021. To date, the group has utilized a wide range of ransomware-as-a-service (RaaS) strains, including Embargo, Hunters International, Hive, BlackCat/ALPHV, and LockBit, among others. Last September, Microsoft published research detailing how the group changed its tactics from buying credentials to leveraging weak credentials in order to move laterally from on-premises to cloud environments.
This latest research offers a look into how Storm-0501 has further evolved its tactics, techniques, and procedures (TTPs). More specifically, the research describes a recent attack in which “the threat actor achieved cloud-based ransomware impact through cloud privilege escalation, taking advantage of protection and visibility gaps across the compromised environment, and pivoting from on-premises to cloud pivots.”