The financially motivated group has been active since May 2025, impersonating Fortinet, Ivanti, Cisco, and other vendors to steal corporate credentials.
Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics trusted brands and abuses legitimate services. This ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results