HOMETHREATSStorm-0940
APT / THREAT GROUP

Storm-0940

🇨🇳China-attributed
1
campaigns
3
aliases
Last seen:Mar 17, 2026

Intelligence Profile

Storm-0940 is a Chinese threat actor active since at least 2021, known for gaining initial access through password spray and brute-force attacks, as well as exploiting network edge applications. Microsoft has observed Storm-0940 utilizing valid credentials obtained from CovertNetwork-1658's password spray operations, indicating a close operational relationship between the two. Once inside a victim environment, Storm-0940 has been seen leveraging compromised credentials for further malicious activities. Additionally, Storm-0940 has employed botnets, such as Quad7, to facilitate password spraying attacks.

Threat Analysis

Storm-0940 is a known-sophistication threat actor attributed to China, engaged in cyber operations with a primary motivation of unknown activity patterns.

Known Campaigns

Storm-0940 — Active Operations March 2026

Storm-0940 is a unknown-motivation threat actor attributed to China. Storm-0940 is a Chinese threat actor active since at least 2021, known for gaining initial access through password spray and brute-force attacks, as well as exploiting network edge applications. Microsoft has observed Storm-0940 utilizing valid credentials obtained from CovertNet...

ACTIVEMEDIUM2026

External References

Quick Facts

TypeAPT / Threat Group
Origin🇨🇳 China
Aliases3
SourceMalpedia

Also Known As

ORB07CovertNetwork-1658Storm-0940

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.