Storm-0501
Storm-0501 is a financially motivated cyber criminal group that uses commodity and open-source tools to conduct ransomware operations. Storm-0501 has been active since 2021 and has previously been affiliated with Sabbath Ransomware and other Ransomware-as-a-Service (RaaS) variants such as Hive, BlackCat, Hunters International, LockBit 3.0, and Embargo ransomware.
Attribution signal
?Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score.≥ 10 High≥ 3 Moderate< 3 Low0.7
Low signal strength
Mentions2
Sources2
High conf.0
Last seenMay 2026
First observed
2025-10-19
Last active
—
Origin
Unknown — financially motivated cybercriminal group
Aliases
1
Techniques
42
Campaigns
0
Attribution signals
2 mentions · 2 sources#1moderate
Infrastructure
security-affairs
May 2026
#2unspecified
Malware
cyberscoop
May 2026