HOMETHREATSStorm-0867
APT / THREAT GROUP

Storm-0867

🇪🇬EG-attributed
1
campaigns
2
aliases
Last seen:Mar 17, 2026

Intelligence Profile

Storm-0867 is a threat actor that has been active since 2012 and has targeted various industries and regions. They employ sophisticated phishing campaigns, utilizing social engineering techniques and a phishing as a service platform called Caffeine. Their attacks involve intercepting and manipulating communication between users and legitimate services, allowing them to steal passwords, hijack sign-in sessions, bypass multifactor authentication, and modify authentication methods.

Threat Analysis

Storm-0867 is a known-sophistication threat actor attributed to EG, engaged in cyber operations with a primary motivation of unknown activity patterns.

Known Campaigns

Storm-0867 — Active Operations March 2026

Storm-0867 is a unknown-motivation threat actor attributed to EG. Storm-0867 is a threat actor that has been active since 2012 and has targeted various industries and regions. They employ sophisticated phishing campaigns, utilizing social engineering techniques and a phishing as a service platform called Caffeine. Their attacks involve intercep...

ACTIVEMEDIUM2026

External References

Quick Facts

TypeAPT / Threat Group
Origin🇪🇬 EG
Aliases2
SourceMalpedia

Also Known As

Storm-0867DEV-0867

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.