Storm-0324 Exploits Microsoft Teams Chats Deploying JSSLoader

Threat Level – Red | Vulnerability Report
Download PDF

Storm-0324 is a financially motivated threat actor with a history of operations dating back to 2016. This actor has a specialization in facilitating ransomware deployments and providing access to compromised networks and devices to other threat actors. Notably, in 2019, Storm-0324 began its collaboration with FIN7 (aka Sangria Tempest) by delivering its first payload. Starting from July 2023, Storm-0324 has shifted its focus to exploiting MS Teams chats using an open-source tool as part of its cyber activities.

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox