Storm-0324, also known as DEV-0324, TA543, or Sagrid, is a financially motivated cybercriminal group specializing in initial access to corporate networks. Their modus operandi primarily involves phishing schemes sent via email that lead to the delivery of various malware payloads, including but not limited to, banking trojans and ransomware. Importantly, Storm-0324 acts as a gateway for other threat actors, handing off access to compromised networks for further exploitation, such as ransomware attacks.