Skip to content

News
Cybercrime
Risk
Policy
Privacy
Research
Cloud
Insurance

LinkedIn
Facebook

Storm-2561

Storm-2561 uses SEO poisoning to deliver trojan VPN clients that steal credentials

Cybercrime, News, Vendors

March 14, 2026

Microsoft disclosed a credential theft campaign that used SEO poisoning to deliver digitally signed trojan VPN clients that harvest credentials. The activity was observed in mid-January 2026 and is linked to Storm-2561.

About
Editorial Policy
Privacy
Contact