Storm-0324 Exploits Microsoft Teams Chats Deploying JSSLoader

Threat Level

Actor Report

For a detailed threat advisory, download the pdf file here

Summary

Storm-0324 is a financially motivated threat actor with a history of operations dating back to 2016. This actor has a specialization in facilitating ransomware deployments and providing access to compromised networks and devices to other threat actors. Notably, in 2019, Storm-0324 began its collaboration with FIN7 (aka Sangria Tempest) by delivering its first payload. Starting from July 2023, Storm-0324 has shifted its focus to exploiting MS Teams chats using an open-source tool as part of its cyber activities.

To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.