{"id":4627,"date":"2024-09-27T13:10:57","date_gmt":"2024-09-27T17:10:57","guid":{"rendered":"https:\/\/hostingdiscussion.com\/news\/?p=4627"},"modified":"2024-09-27T11:53:18","modified_gmt":"2024-09-27T15:53:18","slug":"emerging-threat-group-storm-0501-targets-hybrid-clouds-with-ransomware-backdoors","status":"publish","type":"post","link":"https:\/\/hostingdiscussion.com\/news\/emerging-threat-group-storm-0501-targets-hybrid-clouds-with-ransomware-backdoors\/","title":{"rendered":"Emerging threat group Storm-0501 targets hybrid clouds with ransomware, backdoors"},"content":{"rendered":"<p>Microsoft has issued a warning about Storm-0501, a rapidly evolving cyber threat group that is aggressively targeting hybrid cloud environments through sophisticated ransomware and backdoor techniques.<\/p>\n<p>Although active since 2021, the group remains classified as \u201cemerging,\u201d yet it has proven highly destructive. Known for its connections to major ransomware programs like LockBit and Hive, Storm-0501\u2019s latest campaigns have cybersecurity experts on alert.<\/p>\n<p>In a recent blog post, Microsoft revealed that Storm-0501 has been focusing on gaining initial access through on-premises environments and then pivoting to cloud-based systems. The group primarily uses Initial Access Brokers (IABs) and vulnerabilities in public-facing servers to infiltrate networks.<\/p>\n<p>Once inside, they target over-privileged accounts, deploy Cobalt Strike for lateral movement, and use tools like Impacket to gather credentials. With access to critical accounts, they move from the on-prem domain to cloud services like Microsoft Entra ID.<\/p>\n<p>What\u2019s concerning is their ability to implant backdoors, allowing persistent access even after a breach is discovered. Storm-0501 has been leveraging Entra Connect Sync accounts to gain control over hybrid environments, exploiting weak points like non-MFA-protected accounts with global administrator roles.<\/p>\n<p>In some cases, the group halts its operations after setting up backdoors, while other attacks escalate to full-scale ransomware deployments, particularly with Embargo ransomware.<\/p>\n<p>Microsoft advises all organizations to strengthen MFA protections, monitor Entra ID logs, and review cloud permissions regularly to mitigate Storm-0501\u2019s growing threat.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft has issued a warning about Storm-0501, a rapidly evolving cyber threat group that is aggressively targeting hybrid cloud environments through sophisticated ransomware and backdoor techniques. Although active since 2021, the group remains classified as \u201cemerging,\u201d yet it has proven highly destructive. Known for its connections to major ransomware programs like LockBit and Hive, Storm-0501\u2019s [&hellip;]<\/p>\n","protected":false},"author":20624,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[2391,2413,2415,2414,140,2412,2411],"class_list":["post-4627","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-hive","tag-hybrid-clouds","tag-iabs","tag-lockbit","tag-microsoft","tag-ransomware","tag-storm-0501"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Emerging threat group Storm-0501 targets hybrid clouds with ransomware, backdoors - Web Hosting News<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostingdiscussion.com\/news\/emerging-threat-group-storm-0501-targets-hybrid-clouds-with-ransomware-backdoors\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Emerging threat group Storm-0501 targets hybrid clouds with ransomware, backdoors - Web Hosting News\" \/>\n<meta property=\"og:description\" content=\"Microsoft has issued a warning about Storm-0501, a rapidly evolving cyber threat group that is aggressively targeting hybrid cloud environments through sophisticated ransomware and backdoor techniques. Although active since 2021, the group remains classified as \u201cemerging,\u201d yet it has proven highly destructive. Known for its connections to major ransomware programs like LockBit and Hive, Storm-0501\u2019s [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostingdiscussion.com\/news\/emerging-threat-group-storm-0501-targets-hybrid-clouds-with-ransomware-backdoors\/\" \/>\n<meta property=\"og:site_name\" content=\"Web Hosting News\" \/>\n<meta property=\"article:published_time\" content=\"2024-09-27T17:10:57+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-09-27T15:53:18+00:00\" \/>\n<meta name=\"author\" content=\"Justine Juyad\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Justine Juyad\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/hostingdiscussion.com\/news\/emerging-threat-group-storm-0501-targets-hybrid-clouds-with-ransomware-backdoors\/\",\"url\":\"https:\/\/hostingdiscussion.com\/news\/emerging-threat-group-storm-0501-targets-hybrid-clouds-with-ransomware-backdoors\/\",\"name\":\"Emerging threat group Storm-0501 targets hybrid clouds with ransomware, backdoors - Web Hosting News\",\"isPartOf\":{\"@id\":\"https:\/\/hostingdiscussion.com\/news\/#website\"},\"datePublished\":\"2024-09-27T17:10:57+00:00\",\"dateModified\":\"2024-09-27T15:53:18+00:00\",\"author\":{\"@id\":\"https:\/\/hostingdiscussion.com\/news\/#\/schema\/person\/3a1732732b90f8c57c2a0ec68d3c49e3\"},\"breadcrumb\":{\"@id\":\"https:\/\/hostingdiscussion.com\/news\/emerging-threat-group-storm-0501-targets-hybrid-clouds-with-ransomware-backdoors\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/hostingdiscussion.com\/news\/emerging-threat-group-storm-0501-targets-hybrid-clouds-with-ransomware-backdoors\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/hostingdiscussion.com\/news\/emerging-threat-group-storm-0501-targets-hybrid-clouds-with-ransomware-backdoors\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/hostingdiscussion.com\/news\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Emerging threat group Storm-0501 targets hybrid clouds with ransomware, backdoors\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/hostingdiscussion.com\/news\/#website\",\"url\":\"https:\/\/hostingdiscussion.com\/news\/\",\"name\":\"Web Hosting News\",\"description\":\"Cloud and web hosting industry daily news\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/hostingdiscussion.com\/news\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/hostingdiscussion.com\/news\/#\/schema\/person\/3a1732732b90f8c57c2a0ec68d3c49e3\",\"name\":\"Justine Juyad\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/hostingdiscussion.com\/news\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/96df33d01870f85226adf8492251fbefe00bc349b10bb7679b094f3fa086999c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/96df33d01870f85226adf8492251fbefe00bc349b10bb7679b094f3fa086999c?s=96&d=mm&r=g\",\"caption\":\"Justine Juyad\"},\"description\":\"HostingDiscussion.com senior reporter\",\"sameAs\":[\"https:\/\/hostingdiscussion.com\/news\/\"],\"url\":\"https:\/\/hostingdiscussion.com\/news\/author\/justine-juyad\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Emerging threat group Storm-0501 targets hybrid clouds with ransomware, backdoors - Web Hosting News","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostingdiscussion.com\/news\/emerging-threat-group-storm-0501-targets-hybrid-clouds-with-ransomware-backdoors\/","og_locale":"en_US","og_type":"article","og_title":"Emerging threat group Storm-0501 targets hybrid clouds with ransomware, backdoors - Web Hosting News","og_description":"Microsoft has issued a warning about Storm-0501, a rapidly evolving cyber threat group that is aggressively targeting hybrid cloud environments through sophisticated ransomware and backdoor techniques. Although active since 2021, the group remains classified as \u201cemerging,\u201d yet it has proven highly destructive. Known for its connections to major ransomware programs like LockBit and Hive, Storm-0501\u2019s [&hellip;]","og_url":"https:\/\/hostingdiscussion.com\/news\/emerging-threat-group-storm-0501-targets-hybrid-clouds-with-ransomware-backdoors\/","og_site_name":"Web Hosting News","article_published_time":"2024-09-27T17:10:57+00:00","article_modified_time":"2024-09-27T15:53:18+00:00","author":"Justine Juyad","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Justine Juyad","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/hostingdiscussion.com\/news\/emerging-threat-group-storm-0501-targets-hybrid-clouds-with-ransomware-backdoors\/","url":"https:\/\/hostingdiscussion.com\/news\/emerging-threat-group-storm-0501-targets-hybrid-clouds-with-ransomware-backdoors\/","name":"Emerging threat group Storm-0501 targets hybrid clouds with ransomware, backdoors - Web Hosting News","isPartOf":{"@id":"https:\/\/hostingdiscussion.com\/news\/#website"},"datePublished":"2024-09-27T17:10:57+00:00","dateModified":"2024-09-27T15:53:18+00:00","author":{"@id":"https:\/\/hostingdiscussion.com\/news\/#\/schema\/person\/3a1732732b90f8c57c2a0ec68d3c49e3"},"breadcrumb":{"@id":"https:\/\/hostingdiscussion.com\/news\/emerging-threat-group-storm-0501-targets-hybrid-clouds-with-ransomware-backdoors\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostingdiscussion.com\/news\/emerging-threat-group-storm-0501-targets-hybrid-clouds-with-ransomware-backdoors\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostingdiscussion.com\/news\/emerging-threat-group-storm-0501-targets-hybrid-clouds-with-ransomware-backdoors\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostingdiscussion.com\/news\/"},{"@type":"ListItem","position":2,"name":"Emerging threat group Storm-0501 targets hybrid clouds with ransomware, backdoors"}]},{"@type":"WebSite","@id":"https:\/\/hostingdiscussion.com\/news\/#website","url":"https:\/\/hostingdiscussion.com\/news\/","name":"Web Hosting News","description":"Cloud and web hosting industry daily news","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostingdiscussion.com\/news\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/hostingdiscussion.com\/news\/#\/schema\/person\/3a1732732b90f8c57c2a0ec68d3c49e3","name":"Justine Juyad","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostingdiscussion.com\/news\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/96df33d01870f85226adf8492251fbefe00bc349b10bb7679b094f3fa086999c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/96df33d01870f85226adf8492251fbefe00bc349b10bb7679b094f3fa086999c?s=96&d=mm&r=g","caption":"Justine Juyad"},"description":"HostingDiscussion.com senior reporter","sameAs":["https:\/\/hostingdiscussion.com\/news\/"],"url":"https:\/\/hostingdiscussion.com\/news\/author\/justine-juyad\/"}]}},"views":299,"_links":{"self":[{"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/posts\/4627","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/users\/20624"}],"replies":[{"embeddable":true,"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/comments?post=4627"}],"version-history":[{"count":1,"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/posts\/4627\/revisions"}],"predecessor-version":[{"id":4628,"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/posts\/4627\/revisions\/4628"}],"wp:attachment":[{"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/media?parent=4627"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/categories?post=4627"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/tags?post=4627"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}