From e497ec2b381ac764c3209972a4c6bed05392ead0 Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Thu, 1 Feb 2024 11:02:05 -0800
Subject: [PATCH] [threat-actors] Add Storm-1575
---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 26012d3..a8893d0 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -14717,6 +14717,17 @@
 },
 "uuid": "2da09284-be56-49cd-ad18-993a6eb17af2",
 "value": "Storm-0835"
+ },
+ {
+ "description": "Storm-1575 is a threat actor identified by Microsoft as being involved in phishing campaigns using the Dadsec platform. They utilize hundreds of Domain Generated Algorithm domains to host credential harvesting pages and target global organizations to steal Microsoft 365 credentials.",
+ "meta": {
+ "refs": [
+ "https://www.bridewell.com/insights/blogs/detail/analysing-widespread-microsoft365-credential-harvesting-campaign",
+ "https://twitter.com/MsftSecIntel/status/1712936244987019704?lang=en"
+ ]
+ },
+ "uuid": "2485a9cb-b41c-43bd-8b1c-c64e919c0a4e",
+ "value": "Storm-1575"
 }
 ],
 "version": 298
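Review bot: The added `description` says "Domain Generated Algorithm domains", but the established term is domain generation algorithm; `hundreds of Domain Generation Algorithm (DGA) domains` would be accurate and lets analysts find the entry when searching for DGA. The second `refs` URL carries a `?lang=en` query string that is not part of the post's identity, so `https://twitter.com/MsftSecIntel/status/1712936244987019704` is the stable form to record. `"version": 298` appears only as unchanged context in this hunk; if consumers of this cluster decide whether to re-import based on that field, the bump presumably has to land in another commit of the series, which is worth confirming before merge.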