Storm-0324 is a financially motivated threat actor that has been facilitating ransomware deployment and allowing access to compromised networks/devices to other threat actors since 2019. Since July 2023, Storm-0324 has been exploiting MS Teams chats using an open-source tool to distribute payloads and send phishing lures to facilitate a particular cybercrime group, Sangria Tempest.
Source: HackRead