Cyber Resilience

Threat actor · all actors

Storm-1811G1046 unknown

aka Storm-1811

Last updated: 2026-07-03

0attributed CVEs
47ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
years active

About this actor

[Storm-1811](https://attack.mitre.org/groups/G1046) is a financially-motivated entity linked to [Black Basta](https://attack.mitre.org/software/S1070) ransomware deployment. [Storm-1811](https://attack.mitre.org/groups/G1046) is notable for unique phishing and social engineering mechanisms for initial access, such as overloading victim email inboxes with non-malicious spam to prompt a fake "help desk" interaction leading to the deployment of adversary tools and capabilities.(Citation: Microsoft Storm-1811 2024)(Citation: rapid7-email-bombing)(Citation: RedCanary Storm-1811 2024)(Citation: RedCanary June Insights 2024)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

CVERiskCVSSEPSSPublishedProducts
No attributed CVEs.

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-427 / 4757%
CM-626 / 4755%
CM-222 / 4747%
SI-320 / 4743%
AC-318 / 4738%
CM-718 / 4738%
CA-717 / 4736%
AC-216 / 4734%
AC-615 / 4732%
SI-1014 / 4730%
SI-714 / 4730%
AC-413 / 4728%
SC-712 / 4726%
IA-29 / 4719%
AC-58 / 4717%

Co-occurring actors

None.

Similar actors

Similar TTPs