Skip to content
Auto-CTI
Back to all actors

Storm-2372

Unknown Active
Mentions
1
First seen
07 Jul 2026
Last seen
07 Jul 2026

Relevant to you · Relevant

Threat focus:
phishing / becespionage / apt
Sector / region:
Manufacturing

Origin

Unattributed

Profile

Storm-2372 is a threat group notable for using the DEBULL tooling. This tooling abuses the Microsoft device-code flow to obtain authentication tokens. Targets are Microsoft 365 accounts, suggesting widespread phishing campaigns. The group may be state-sponsored or financially motivated.

Affected vendors

Microsoft

Associated malware / tools

DEBULL

Activity (8 weeks)

22
23
24
25
26
27
28
29

Recent activity

ESC