Storm-1811

Also known as: Storm-1811

Storm-1811 is a financially-motivated entity linked to Black Basta ransomware deployment. Storm-1811 is notable for unique phishing and social engineering mechanisms for initial access, such as overloading victim email inboxes with non-malicious spam to prompt a fake β€œhelp desk” interaction leading to the deployment of adversary tools and capabilities. Microsoft Storm-1811 2024 rapid7-email-bombing RedCanary Storm-1811 2024 RedCanary June Insights 2024

🧭 ATT&CK G1046

Introduction

Storm-1811 is a financially-motivated entity linked to Black Basta ransomware deployment. Storm-1811 is notable for unique phishing and social engineering mechanisms for initial access, such as overloading victim email inboxes with non-malicious spam to prompt a fake β€œhelp desk” interaction leading to the deployment of adversary tools and capabilities. Microsoft Storm-1811 2024 rapid7-email-bombing RedCanary Storm-1811 2024 RedCanary June Insights 2024

Activities and Tactics

Information pending cataloguing.

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

Information pending cataloguing.

Attribution and Evidence

Information pending cataloguing.

References

[1] MITRE ATT&CK MITRE ATT&CK entry [2] Microsoft Storm-1811 2024 [3] rapid7-email-bombing [4] RedCanary Storm-1811 2024 [5] RedCanary June Insights 2024