Storm-2460

Also known as: Storm-2460, Lumma Stealer

Storm-2460 is a threat actor that has exploited elevation of privilege vulnerabilities to deploy PipeMagic malware and ransomware, enabling them to escalate access within compromised environments. They have been observed using the certutil utility to download malware from compromised legitimate third-party websites. Ransomware activity associated with Storm-2460 includes file encryption and the deployment of a ransom note named !READ_ME_REXX2!.txt. Microsoft recommends prioritizing security updates for elevation of privilege vulnerabilities to mitigate the impact of this actor’s activities.

Introduction

Storm-2460 is a threat actor that has exploited elevation of privilege vulnerabilities to deploy PipeMagic malware and ransomware, enabling them to escalate access within compromised environments. They have been observed using the certutil utility to download malware from compromised legitimate third-party websites. Ransomware activity associated with Storm-2460 includes file encryption and the deployment of a ransom note named !READ_ME_REXX2!.txt. Microsoft recommends prioritizing security updates for elevation of privilege vulnerabilities to mitigate the impact of this actor’s activities.

Activities and Tactics

Information pending cataloguing.

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • Xploit

Attribution and Evidence

Information pending cataloguing.

References

References pending cataloguing.