
Storm-0249

Access broker active since 2021, distributing BazaLoader, IcedID, Bumblebee and Emotet via phishing. Facilitates initial access for other threat actors including Storm-0501.

Attribution signal

Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score. ≥ 10 High, ≥ 3 Moderate, < 3 Low.
0.8
Low signal strength
Mentions: 3
Sources: 2
High conf.: 0
Last seen: May 2026
First observed
Last active
Origin
Aliases
1
Techniques
0
Campaigns
0
Regions: Global

Attribution signals

3 mentions · 2 sources
#1 moderate
Infrastructure
security-affairs
May 2026
#2 unspecified
Malware
cyberscoop
May 2026
#3 unspecified unspecified
Unspecified
redcanary
May 2026

"Groups associated with these types of schemes include: SocGholish, GootLoader, STORM-0249 (via ClickFix)"

Hedge terms observed

unspecified