From eb8db810c0c7d0d58370a043e039b12f380b2411 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Thu, 1 Feb 2024 11:02:05 -0800
Subject: [PATCH] [threat-actors] Add Storm-1152

---
 clusters/threat-actor.json | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index d95aae4..674a47e 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -14649,6 +14649,19 @@
       },
       "uuid": "760b350c-522e-432d-80c5-7aab0eaf8873",
       "value": "Storm-0539"
+    },
+    {
+      "description": "Storm-1152, a cybercriminal group, was recently taken down by Microsoft for illegally reselling Outlook accounts. They operated by creating approximately 750 million fraudulent Microsoft accounts and earned millions of dollars in illicit revenue. Storm-1152 also offered CAPTCHA-solving services and was connected to ransomware and extortion groups. Microsoft obtained a court order to seize their infrastructure and domains, disrupting their operations.",
+      "meta": {
+        "country": "VN",
+        "refs": [
+          "https://securityboulevard.com/2023/12/microsoft-storm-1152-crackdown-stopping-threat-actors/",
+          "https://blogs.microsoft.com/on-the-issues/2023/12/13/cybercrime-cybersecurity-storm-1152-fraudulent-accounts/",
+          "https://www.rewterz.com/rewterz-news/rewterz-threat-update-microsoft-warns-of-emerging-threat-by-storm-0539-behind-gift-card-frauds/"
+        ]
+      },
+      "uuid": "e18dca82-0524-4338-9a66-e13e67c81ac4",
+      "value": "Storm-1152"
     }
   ],
   "version": 298