2025-02-13 • Microsoft • Microsoft Threat Intelligence
Analysis Summary
# Threat Actor: Storm-2372
## Attribution & Identity
The threat actor is tracked as Storm-2372. The article description gives little attribution detail; the report originates from Microsoft Threat Intelligence.
## Activity Summary
Storm-2372 is currently conducting a device code phishing campaign.
## Tactics, Techniques & Procedures
- Device code phishing (likely related to authentication/MFA bypass techniques)
- No specific MITRE ATT&CK IDs are provided in the context.
## Targeting
- Sectors: Not specified in the brief context.
- Geography: Not specified in the brief context.
- Victims: Not specified in the brief context.
## Tools & Infrastructure
- Malware families used: Not specified in the brief context.
- Infrastructure (C2, domains, IPs): Not specified in the brief context.
## Implications
Storm-2372 is actively using phishing techniques that target device code features, which indicates a focus on compromising user credentials and potentially gaining persistence or bypassing multi-factor authentication mechanisms.
## Mitigations
- Defend against device code phishing attempts.
- Monitor for anomalous authentication requests, especially those bypassing standard interactive sign-in prompts.