Storm-2372
Unknown Active
- Mentions
- 1
- First seen
- 07 Jul 2026
- Last seen
- 07 Jul 2026
Relevant to you · Relevant
- Threat focus:
- phishing / becespionage / apt
- Sector / region:
- Manufacturing
Origin
Unattributed
Profile
Storm-2372 is a threat group notable for using the DEBULL tooling. This tooling abuses the Microsoft device-code flow to obtain authentication tokens. Targets are Microsoft 365 accounts, suggesting widespread phishing campaigns. The group may be state-sponsored or financially motivated.
Affected vendors
Microsoft
Associated malware / tools
DEBULL