Threat Intelligence / Actor / Multiple Groups (STORM-0501, CrazyHunter, LockBit affiliates)
Multiple Groups (STORM-0501, CrazyHunter, LockBit affiliates)
Also known as: STORM-0501, CrazyHunter, LockBit, Embargo, Storm-0501
Tracked threats
- Human-Operated Ransomware via GPO Abuse — Domain-Wide Encryption Through Group Policy Weaponization — HIGH
Full actor intelligence — infrastructure, IOCs, detection coverage and operator fingerprints — is available via the Threadlinqs MCP server (Purple tier). View plans →