Storm-0558

Also known as: Storm-0558, Antique Typhoon

Storm-0558 is a China-based threat actor with espionage objectives. While there are some minimal overlaps with other Chinese groups such as Violet Typhoon (ZIRCONIUM, APT31), Microsoft maintain high confidence that Storm-0558 operates as its own distinct group

🌍 Country China

⚡ Risk Level High

🎯 Incident Type Espionage

Government

Targeted Victims

United States Germany

Introduction

Activities and Tactics

Targeted Sectors: Government

Country of Origin: 🇨🇳 China

Risk Level: High

Incident Type: Espionage

Suspected Victims: United States, Germany

Notable Campaigns

Microsoft (July 2023; Storm-0558 (CN APT))

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

China Chopper
Minimo

Attribution and Evidence

Country of Origin: China Additional attribution information pending cataloguing.

References

References pending cataloguing.

Source Attribution

Structured source: MISP Galaxy

Data sourced from MISP Galaxy threat-actor cluster (CC0 licensed)

View upstream source record

License: CC BY-NC-SA 3.0

Additional source provenance

BushidoToken Breach Report Collection References were identified via the BushidoToken Breach Report Collection (https://github.com/BushidoUK/Breach-Report-Collection), which is used here as a report index. Copyright in linked reports remains with the original publishers. Repository Dataset
malpedia Source record Dataset
misp galaxy Dataset

Source and license policy

🔍 Quick Filters

Top Countries

Risk Distribution

High

161

Critical

Low

Medium