EN
  • Cyber stability
  • Secops
  • Risks management
  • Digital transformation
  • Digital Sovereignty
  • Cybercrime
  • Industry and OT
  • Fraud
  • Digital identity
  • Cyber +
    • Russian Intelligence-Linked Hackers Storm-2372 Target Instant Messaging Services
    • Home
    • Cybercrime
    • Russian Intelligence-Linked Hackers Storm-2372 Target Instant Messaging Services

    Russian Intelligence-Linked Hackers Storm-2372 Target Instant Messaging Services

    Written by
    The Editorial Team
    02.19.25
    Cybercrime
    01
    MIN
    Russian Intelligence-Linked Hackers Storm-2372 Target Instant Messaging Services
    Russian Intelligence-Linked Hackers Storm-2372 Target Instant Messaging Services
    Russian Intelligence-Linked Hackers Storm-2372 Target Instant Messaging Services
    Image A Russian Cybercriminal Accused of Collaborating with the FBI
    Cybercrime
    02.10.25 Cybercrime
    Next article
    A Russian Cybercriminal Accused of Collaborating with the FBI
    Read
    01
    MIN
    Image Europol coordinated the takedown of the cybercriminal forums Cracked and Nulled
    Cybercrime
    02.03.25 Cybercrime
    Next article
    Europol coordinated the takedown of the cybercriminal forums Cracked and Nulled
    Read
    01
    MIN
    Image EU Sanctions Three Russian Agents for Cyberattacks Against Estonia
    Cybercrime
    02.02.25 Cybercrime
    Next article
    EU Sanctions Three Russian Agents for Cyberattacks Against Estonia
    Read
    01
    MIN
    Image From misinformation to resilience: teaching open-source investigation for a better future
    Cyber stability
    01.29.25 Cyber stability
    Next article
    From misinformation to resilience: teaching open-source investigation for a better future
    Read
    07
    MIN
    Microsoft’s security teams published a report on February 13, 2025, detailing phishing attacks carried out by Storm-2372, a hacker group affiliated with Russian intelligence. The cybercriminals targeted users of instant messaging apps such as WhatsApp, Signal, and Microsoft Teams with fake invitations to online meetings.

    This campaign also involved social engineering tactics, as the attackers impersonated real individuals—colleagues or potential clients of their victims. They took the time to establish a trusted relationship before inviting the target to a video call via a link leading to a fake login page for such a service.

    This fake page allowed Storm-2372 to steal login credentials and passwords before requesting a two-factor authentication code. This enabled the hackers to access and take control of the victim’s account, granting them entry to numerous sensitive services.

    The phishing campaign, which began in August 2024, primarily targeted European governments and Western companies in the tech, defense, energy, and healthcare sectors.

    The Editorial Team
    02.19.25
    Articles by the same author:
    1
    02.17.25 Cybercrime
    Microsoft Warns About BadPilot, a Unit of Russian State-Sponsored Group Sandworm
    Read
    01
    MIN
    2
    02.17.25 Digital identity
    Identity Security: Israel’s CyberArk Acquires Zilla Security for $175 Million
    Read
    01
    MIN
    3
    02.17.25 Cybercrime
    Europol Coordinates the Takedown of 8Base Ransomware, a Phobos Variant
    Read
    02
    MIN
    4
    02.10.25 Industry and OT
    A New Russian Cybercriminal Group Targets U.S. Oil and Gas Facilities
    Read
    01
    MIN
    Image A Russian Cybercriminal Accused of Collaborating with the FBI
    Cybercrime
    02.10.25 Cybercrime
    Next article
    A Russian Cybercriminal Accused of Collaborating with the FBI
    Read
    01
    MIN
    Image Europol coordinated the takedown of the cybercriminal forums Cracked and Nulled
    Cybercrime
    02.03.25 Cybercrime
    Next article
    Europol coordinated the takedown of the cybercriminal forums Cracked and Nulled
    Read
    01
    MIN
    Image EU Sanctions Three Russian Agents for Cyberattacks Against Estonia
    Cybercrime
    02.02.25 Cybercrime
    Next article
    EU Sanctions Three Russian Agents for Cyberattacks Against Estonia
    Read
    01
    MIN
    Image From misinformation to resilience: teaching open-source investigation for a better future
    Cyber stability
    01.29.25 Cyber stability
    Next article
    From misinformation to resilience: teaching open-source investigation for a better future
    Read
    07
    MIN
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.