Storm Cloud

Also known as: Storm Cloud

Storm Cloud is a Chinese espionage threat actor known for targeting organizations across Asia, particularly Tibetan organizations and individuals. They use a variety of malware families, including GIMMICK and GOSLU, which are feature-rich and multi-platform. Storm Cloud leverages public cloud hosting services like Google Drive for command-and-control channels, making it difficult to detect their activities.

🌍 Country China

Associated Operations

Holy Water

Introduction

Storm Cloud is a Chinese espionage threat actor known for targeting organizations across Asia, particularly Tibetan organizations and individuals. They use a variety of malware families, including GIMMICK and GOSLU, which are feature-rich and multi-platform. Storm Cloud leverages public cloud hosting services like Google Drive for command-and-control channels, making it difficult to detect their activities.

Activities and Tactics

Country of Origin: 🇨🇳 China

Notable Campaigns

  • Holy Water

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • CloudDuke
  • CrossRat
  • Godlike12:
  • SweetAlerts:
  • BRAINDAMAGE:
  • GOSLU:
  • STITCH:
  • PLUGDAT:

Attribution and Evidence

Country of Origin: China Additional attribution information pending cataloguing.

References

References pending cataloguing.