Storm-2561 is a apt_group tracked across 2 threat clusters and 2 intelligence report mentions on ThreatCluster. First observed March 13, 2026; most recent activity May 19, 2026.
On May 19, 2026, Microsoft disrupted Fox Tempest, a malware-signing-as-a-service (MSaaS) operation that provided over 1,000 fraudulent code-signing certificates to cybercriminals, enabling them to disguise malware as…
Cybercriminal group Storm-2561 is exploiting SEO poisoning to distribute trojanized VPN clients, primarily targeting enterprise users of popular VPN solutions like Pulse Secure, Ivanti, and Cisco. The attackers…