Daily cloud and web hosting news coverage by HostingDiscussion.com

Emerging threat group Storm-0501 targets hybrid clouds with ransomware, backdoors

Microsoft has issued a warning about Storm-0501, a rapidly evolving cyber threat group that is aggressively targeting hybrid cloud environments through sophisticated ransomware and backdoor techniques.

Although active since 2021, the group remains classified as “emerging,” yet it has proven highly destructive. Known for its connections to major ransomware programs like LockBit and Hive, Storm-0501’s latest campaigns have cybersecurity experts on alert.

In a recent blog post, Microsoft revealed that Storm-0501 has been focusing on gaining initial access through on-premises environments and then pivoting to cloud-based systems. The group primarily uses Initial Access Brokers (IABs) and vulnerabilities in public-facing servers to infiltrate networks.

Once inside, they target over-privileged accounts, deploy Cobalt Strike for lateral movement, and use tools like Impacket to gather credentials. With access to critical accounts, they move from the on-prem domain to cloud services like Microsoft Entra ID.

What’s concerning is their ability to implant backdoors, allowing persistent access even after a breach is discovered. Storm-0501 has been leveraging Entra Connect Sync accounts to gain control over hybrid environments, exploiting weak points like non-MFA-protected accounts with global administrator roles.

In some cases, the group halts its operations after setting up backdoors, while other attacks escalate to full-scale ransomware deployments, particularly with Embargo ransomware.

Microsoft advises all organizations to strengthen MFA protections, monitor Entra ID logs, and review cloud permissions regularly to mitigate Storm-0501’s growing threat.
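As an added illustration of that advice (not code from Microsoft or from this article), the Python sketch below cross-checks a list of role holders against sign-in records to surface Global Administrator accounts that have no MFA registered or that signed in successfully without it. The field names and sample records are constructed for the example and follow a hypothetical flattened export, not the schema of any Microsoft API.

```python
from collections import defaultdict

PRIVILEGED_ROLES = {"Global Administrator"}  # the role named in the article

# Constructed sample data. Field names are a hypothetical flattened export,
# not the schema of any Microsoft API.
ACCOUNTS = [
    {"upn": "alice@example.test", "roles": ["Global Administrator"], "mfa_registered": True},
    {"upn": "svc-backup@example.test", "roles": ["Global Administrator"], "mfa_registered": False},
    {"upn": "bob@example.test", "roles": ["User"], "mfa_registered": False},
]
SIGN_INS = [
    {"upn": "alice@example.test", "mfa_satisfied": True, "success": True, "ip": "192.0.2.10"},
    {"upn": "svc-backup@example.test", "mfa_satisfied": False, "success": True, "ip": "198.51.100.7"},
    {"upn": "svc-backup@example.test", "mfa_satisfied": False, "success": True, "ip": "203.0.113.44"},
    {"upn": "svc-backup@example.test", "mfa_satisfied": False, "success": False, "ip": "203.0.113.44"},
    {"upn": "alice@example.test", "mfa_satisfied": False, "success": True, "ip": "192.0.2.10"},
    {"upn": "bob@example.test", "mfa_satisfied": False, "success": True, "ip": "192.0.2.55"},
]


def review_privileged_accounts(accounts, sign_ins):
    """Return findings for privileged accounts, most reasons first."""
    privileged = {
        a["upn"].lower(): a for a in accounts
        if PRIVILEGED_ROLES & set(a["roles"])
    }
    # upn -> source IPs of successful sign-ins that did not satisfy MFA
    single_factor = defaultdict(set)
    for s in sign_ins:
        upn = s["upn"].lower()
        if upn in privileged and s["success"] and not s["mfa_satisfied"]:
            single_factor[upn].add(s["ip"])

    findings = []
    for upn, acct in privileged.items():
        reasons = []
        if not acct["mfa_registered"]:
            reasons.append("no MFA registered")
        if single_factor[upn]:
            reasons.append("successful sign-in without MFA from %d IP(s)"
                           % len(single_factor[upn]))
        if reasons:
            findings.append({"upn": upn, "reasons": reasons,
                             "ips": sorted(single_factor[upn])})
    findings.sort(key=lambda f: (-len(f["reasons"]), f["upn"]))
    return findings


if __name__ == "__main__":
    for f in review_privileged_accounts(ACCOUNTS, SIGN_INS):
        print(f["upn"], "->", "; ".join(f["reasons"]), f["ips"])
```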
