Cyber Resilience

Threat actor · all actors

Storm-0501G1053 unknown

aka Storm-0501

Last updated: 2026-07-03

0attributed CVEs
62ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
years active

About this actor

[Storm-0501](https://attack.mitre.org/groups/G1053) is a financially motivated cyber criminal group that uses commodity and open-source tools to conduct ransomware operations. [Storm-0501](https://attack.mitre.org/groups/G1053) has been active since 2021 and has previously been affiliated with Sabbath Ransomware and other Ransomware-as-a-Service (RaaS) variants such as Hive, [BlackCat](https://attack.mitre.org/software/S1068), Hunters International, [LockBit 3.0](https://attack.mitre.org/software/S1202), and [Embargo](https://attack.mitre.org/software/S1247) ransomware.(Citation: Avertium Storm-0501 Sabbath Ransomware Arcane January 2022)(Citation: Microsoft Storm-501 Sabbath Ransomware Embargo September 2024)(Citation: Microsoft Storm-0501 Embargo Ransomware August 2025)(Citation: Google Mandiant Storm-0501 Sabbath Ransomware November 2021)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

CVERiskCVSSEPSSPublishedProducts
No attributed CVEs.

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-440 / 6265%
AC-338 / 6261%
AC-636 / 6258%
AC-235 / 6256%
CM-631 / 6250%
IA-230 / 6248%
AC-528 / 6245%
CM-727 / 6244%
CM-225 / 6240%
CM-523 / 6237%
SI-721 / 6234%
CA-719 / 6231%
IA-516 / 6226%
AC-415 / 6224%
RA-515 / 6224%

Co-occurring actors

None.

Similar actors