APT / THREAT GROUP

Storm-0473

🇰🇿 KZ-attributed
Campaigns: 1
Aliases: 2
Last seen: Mar 17, 2026

Intelligence Profile

Storm-0473 (Tomiris) is a threat actor that has been active since at least 2019. It primarily targets government and diplomatic entities in the Commonwealth of Independent States (CIS) region; its occasional victims in other regions are foreign representations of CIS countries. Tomiris uses a wide variety of malware implants, including downloaders, backdoors, and file stealers, developed in different programming languages. It employs various attack vectors such as spear-phishing, DNS hijacking, and exploitation of vulnerabilities. There are potential ties between Tomiris and Turla, but Kaspersky considers them separate threat actors with distinct targeting and tradecraft.

Threat Analysis

Storm-0473 is a threat actor attributed to KZ and engaged in cyber operations. This profile lists its sophistication as "known" and its primary motivation as unknown.

Known Campaigns

Storm-0473 — Active Operations March 2026

Storm-0473 is an unknown-motivation threat actor attributed to KZ. Storm-0473 (Tomiris) is a threat actor that has been active since at least 2019. They primarily target government and diplomatic entities in the Commonwealth of Independent States region, with occasional victims in other regions being foreign representations of CIS countries. Tom...

ACTIVE | MEDIUM | 2026

Quick Facts

Type: APT / Threat Group
Origin: 🇰🇿 KZ
Aliases: 2
Source: Malpedia

Also Known As

UNC2849, Storm-0473

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.