Attack Overview

VICTIM: CONFIDO
INDUSTRY: Business Services
LOCATION: United Arab Emirates
ATTACKER: Stormous
FIRST REPORTED: March 27, 2023

The Stormous Ransomware Gang's Attack on CONFIDO

The Stormous ransomware gang has attacked CONFIDO. CONFIDO is a technical services consultancy headquartered in Dubai, UAE. Stormous posted CONFIDO to its data leak site on March 27th but provided no further information.

Background of Stormous

Stormous is a ransomware gang first identified in mid-2021. According to a mission statement published by the organization, its objective is to attack targets in the U.S. and other Western nations. However, in 2022 the group added Ukraine and India to this list. That Stormous lists countries rather than companies suggests that politics is a primary motivator for the group.

Communication Channels

The group communicates through a Telegram channel and an .onion website. There is little chatter on the Telegram channel, with the conversation mainly comprising the group's proclamations.

Operational Tactics

While the group identifies itself as a ransomware gang, it does not operate as a Ransomware-as-a-Service (RaaS) operation, and it's unknown what type of ransomware it may be using in its campaigns.

Comparative Analysis

The group's motivating principles and behavior somewhat resemble those of the Lapsus$ hacker group, which targets entities mainly in the Western hemisphere. Like Lapsus$, Stormous is quite "loud" online and looks to attract attention to itself, making splashy proclamations on the Dark Web and utilizing Telegram to communicate with its audience and organize.
