Group profile
stormous
Stormous is an Arabic-speaking, pro-Russian ransomware and hacktivist group active since at least 2022, known for politically motivated attacks across 15+ countries, collaborating with GhostSec on the GhostLocker 2.0 RaaS platform and inheriting GhostSec's RaaS operations in mid-2024. On 1st July 2026 the group has annonced the end of their operations & ervices
Sectors hit
- Unspecified
- Consumer Services
- Public Sector
- Education
- Business Services
- Technology
- Manufacturing
- Energy
Countries hit
MITRE ATT&CK · observed TTPs
- TA0001Initial Access
- TA0002Execution
- TA0003Persistence
- TA0004Privilege Escalation
- T1548.002Abuse Elevation Control Mechanism: Bypass UAC
- TA0005Defense Evasion
- TA0006Credential Access
- T1003OS Credential Dumping
- TA0007Discovery
- TA0008Lateral Movement
- TA0009Collection
- TA0010Exfiltration
- TA0011Command and Control
- T1071.001Application Layer Protocol: Web Protocols
- TA0040Impact
- TA0042Resource Development
- T1588.002Obtain Capabilities: Tool
- TA0043Reconnaissance
- T1595Active Scanning