HOMETHREATSStorm-0381
APT / THREAT GROUP💰 FINANCIALHIGH

Storm-0381

🇷🇺Russia-attributed
1
campaigns
2
aliases
Last seen:Mar 17, 2026

Intelligence Profile

Storm-0381 is a threat actor identified by Microsoft as a Russian cybercrime group. They are known for their use of malvertising to deploy Magniber, a type of ransomware.

Threat Analysis

Storm-0381 is a high-sophistication threat actor attributed to Russia, engaged in cyber operations with a primary motivation of financial.

Financially motivated threat actors like Storm-0381 prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.

With high sophistication, Storm-0381 is capable of targeted intrusions using adapted commodity tools alongside custom implants, maintaining operational security and evading standard detection mechanisms.

Known Campaigns

Storm-0381 — Active Operations March 2026

Storm-0381 is a financial threat actor attributed to Russia. Storm-0381 is a threat actor identified by Microsoft as a Russian cybercrime group. They are known for their use of malvertising to deploy Magniber, a type of ransomware....

ACTIVEMEDIUM2026

External References

Quick Facts

TypeAPT / Threat Group
Motivation💰 financial
Sophisticationhigh
Origin🇷🇺 Russia
Aliases2
SourceMalpedia

Also Known As

Storm-0381DEV-0381

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
Storm-0381 — APT / Threat Group | Threat Intelligence | CTIWATCH.COM