Threat Group: Storm-1575
Threat Type: Phishing-as-a-Service (PhaaS)
Exploited Vulnerabilities: User credentials and session cookies
Malware Used: Rockstar 2FA phishing kit
Threat Score: High (8.5/10) — Due to its capability to bypass multi-factor authentication (MFA) and widespread targeting of Microsoft 365 users.
Last Threat Observation: November 30, 2024
Overview
The