The threat actor group tracked as Storm-0249 is using sophisticated techniques to conduct stealthy attacks by tampering with Endpoint Detection and Response (EDR) processes. Doing so lets the group operate within compromised networks with a reduced chance of detection.
How Storm-0249 Evades Detection
Storm-0249’s strategy centers on manipulating EDR processes: the group either disables these critical security mechanisms or generates false positives to bury its malicious activity in noise. It carries out its operations with legitimate tools and living-off-the-land binaries (LOLBINs), which lets it blend into normal network traffic and maintain persistence without triggering alerts from EDR solutions.
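The two behaviours above, stopping or disabling an EDR service and launching LOLBINs from unexpected parent processes, are the kind of thing a defender can flag from telemetry even when the EDR agent itself has been silenced. The following is an added example, not code from the article or from Microsoft; the key=value event format, the field names, the sample events and the EDR service name patterns are all constructed assumptions, and the LOLBIN list is a small subset of well-known Windows binaries that a deployment would extend.

```python
"""Flag EDR-service tampering and LOLBIN launches in simple process/service events.

Added example with constructed input; the event schema below is an assumption,
not any vendor's log format.
"""
import re
from typing import Dict, List

# Constructed sample events (not taken from the article). One event per line,
# key=value pairs, quoted values may contain spaces.
SAMPLE_EVENTS = [
    'ts=2024-05-01T09:00:01Z type=process image=C:\\Windows\\System32\\svchost.exe '
    'parent=services.exe user=SYSTEM cmd="svchost.exe -k netsvcs"',
    'ts=2024-05-01T09:02:14Z type=process image=C:\\Windows\\System32\\rundll32.exe '
    'parent=WINWORD.EXE user=CORP\\jdoe cmd="rundll32.exe <arguments omitted in this constructed sample>"',
    'ts=2024-05-01T09:03:40Z type=process image=C:\\Windows\\System32\\rundll32.exe '
    'parent=explorer.exe user=CORP\\jdoe cmd="rundll32.exe shell32.dll,Control_RunDLL"',
    'ts=2024-05-01T09:05:02Z type=service action=stop name=Spooler user=CORP\\admin',
    'ts=2024-05-01T09:05:09Z type=service action=stop name=ExampleEDRAgent user=CORP\\jdoe',
]

# Well-known living-off-the-land binaries (subset of the public LOLBAS list).
LOLBINS = {"certutil.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe",
           "wmic.exe", "bitsadmin.exe", "msiexec.exe"}

# Parents from which a LOLBIN launch is rarely legitimate (Office applications).
SUSPICIOUS_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Assumed patterns; a real deployment lists its own EDR/AV service names here.
EDR_SERVICE_PATTERNS = [re.compile(p, re.I) for p in (r"edr", r"sense", r"defend")]

TAMPER_ACTIONS = {"stop", "disable"}


def parse_event(line: str) -> Dict[str, str]:
    """Parse key=value pairs; a double-quoted value keeps its inner spaces."""
    pairs = {}
    for m in re.finditer(r'(\w+)=("([^"]*)"|\S+)', line):
        pairs[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(2)
    return pairs


def analyze(lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per suspicious event, in input order."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        kind = ev.get("type")
        if kind == "service" and ev.get("action") in TAMPER_ACTIONS:
            name = ev.get("name", "")
            if any(p.search(name) for p in EDR_SERVICE_PATTERNS):
                findings.append({
                    "rule": "edr_service_tamper",
                    "ts": ev.get("ts", ""),
                    "detail": f"{name} {ev['action']} by {ev.get('user', '?')}",
                })
        elif kind == "process":
            # Compare on the file name only, case-insensitively.
            image = ev.get("image", "").rsplit("\\", 1)[-1].lower()
            parent = ev.get("parent", "").lower()
            if image in LOLBINS and parent in SUSPICIOUS_PARENTS:
                findings.append({
                    "rule": "lolbin_unusual_parent",
                    "ts": ev.get("ts", ""),
                    "detail": f"{image} spawned by {parent} ({ev.get('user', '?')})",
                })
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"[{f['rule']}] {f['ts']} {f['detail']}")
```

Run against the constructed events, the script reports the rundll32 launch from Word and the stop of the EDR-named service, while the svchost start, the Control Panel rundll32 call from Explorer and the Spooler stop pass silently. The point of the design is that both rules read host telemetry that is typically forwarded to a SIEM independently of the EDR agent, so they still fire after the agent has been disabled.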
Attack Objectives and Impact
The primary objectives of Storm-0249’s attacks are data exfiltration and credential harvesting. Circumventing EDR systems gives the group an extended window in which to pursue these goals inside compromised environments. Microsoft has identified the group and detailed its tactics, techniques, and procedures, highlighting the advanced nature of its covert operations.
Source: https://www.darkreading.com/cyberattacks-data-breaches/storm-0249-edr-processes-stealthy-attacks