Menu
Browse

Cyber Threat Actor: Stormous

Actor Type Location Known Incidents
 Icon
Criminal
Russia
6 incidents
Profile

The threat actor known as Stormous, also referred to as the Stormous gang, presents itself as a ransomware group in its public communications. Open‑source reporting indicates that the group’s observed behavior aligns more closely with data extortion than with the deployment of file‑encrypting ransomware. Stormous has publicly stated that it will act against hacker attacks directed at Russia following the 2022 invasion of Ukraine, indicating a geopolitical stance tied to that conflict. The actor uses the name Stormous across its Telegram channel and leak‑site communications to announce alleged breaches and offer stolen data for sale. No public attribution to a state sponsor or criminal consortium has been made in available sources.

Stormous has claimed intrusions against a multinational beverage company, a major video‑game platform, and a European university. In the Coca‑Cola incident the group asserted it exfiltrated 161 GB of data and offered the material for 1.65 bitcoin, roughly equivalent to $64 000 at the time. For the Epic Games claim the group said it stole 200 GB of data and personal details of roughly 33 million users of the Epic store and games. The University of Tor Vergata allegation involved the sale of allegedly stolen data for approximately $2 000. None of these assertions have been independently verified by the affected organizations or law‑enforcement agencies.

The group’s described tactics involve stealing data, posting proof of the theft on a leak site, and offering the material for sale in cryptocurrency. Listed artefacts have included compressed documents, text files containing administrator credentials, email correspondence, password dumps, and account‑payment archives. Stormous has not been observed deploying ransomware that encrypts files; its public statements emphasize data theft and extortion rather than encryption. No specific malware families, exploit kits, or initial‑access vectors have been disclosed in public reports. The actor’s stated motivation includes opposing hacker activity against Russia in the context of the Ukraine conflict, although no explicit state linkage has been established.

Coca‑Cola confirmed it is investigating the Stormous claim and, at the time of reporting, had found no evidence of a material impact. Epic Games and the University of Tor Vergata have not publicly confirmed the alleged breaches. The lack of corroboration means the group’s reputation for the veracity of its claims remains unverified in open sources. Despite the uncertainty, Stormous continues to use its leak site and Telegram channel to advertise stolen data and to issue statements aligned with its proclaimed geopolitical stance.

Incidents
Attributed incidents available to members
6 incidents
Sources
Sources available to members
4 sources