
Threat Actor Characterization

DesertStorm


ID: dc6e7baf0a1acfa234a4928e32cef34b55405
Cybercrime Cybercriminal
Threat types: Ransomware, Malware, Intrusion
Algeria
Updated: 2026-02-21
Created: 2026-02-19
Progress: 60% Completeness: 55% Freshness: 70%
Operation zone:
Aliases:
No aliases registered.
MITRE ATT&CK®

DesertStorm is an online persona described in multiple OSINT reports as an associate/promoter linked to the FunkSec ransomware ecosystem, often connected to the alias 'Scorpion'. Reporting emphasizes claims/leak amplification and forum activity; direct technical artifacts (malware/C2) attributable to the persona are not established. ATT&CK mapping is therefore constrained and avoids attributing ransomware execution steps to the persona without direct evidence.


Technique: T1585.001 (Social Media Accounts)
Tactics: TA0042
Evidence:
  • 2025-01-10 — Persona described as promoting and amplifying ransomware-related narratives and claims in public/underground contexts.
  • 2025-01-10 — Media reporting describes the promoter role and OPSEC lapse narrative associated with DesertStorm/Scorpion.

Technique: T1584.001 (Domains)
Tactics: TA0042
Evidence:
  • 2025-01-10 — INFERENCE (confidence: low–medium): Posting and coordinating on underground platforms implies use of online services for operational coordination and publicity.

Strategic Intelligence
Last updated: 2026-02-22T00:36:22+00:00

DesertStorm — Persona / Promoter Associated with FunkSec (Ransomware Ecosystem)

Classification: TLP: WHITE — Open Source Intelligence (OSINT)

Category: Cyber / Hybrid — Underground forum presence; ransomware-adjacent promotion; claims ecosystem

Assessed home base: Algeria (OSINT-based assessment; see confidence notes)


Executive Summary

DesertStorm is an online persona assessed to be closely associated with the early promotion and ecosystem visibility of the FunkSec ransomware brand. Multiple independent OSINT reports describe DesertStorm as an alias of (or interchangeable with) “Scorpion,” a figure publicly linked to FunkSec-related posting activity and underground forum presence.

Reporting also highlights operational security lapses allegedly made by the persona (e.g., revealing location context in a publicly posted screenshot), and notes that DesertStorm/Scorpion was banned from Breached Forum in late 2024 after continued leak postings. These observations support an assessment that DesertStorm functioned primarily as a promoter/participant in a claims-and-leaks ecosystem, with mixed reliability of claims.

Confidence is medium–high that DesertStorm is materially linked to FunkSec’s public ecosystem footprint (as a promoter/associate persona), and medium that the persona’s operational base is Algeria based on OSINT assessments. Confidence is low–medium for any direct involvement in ransomware development or hands-on intrusion activity, as most reporting frames DesertStorm as a promoter/associate rather than a confirmed operator with technical artifacts attributable to the persona.

IOC Appendix
Last updated: 2026-02-22T00:41:48+00:00

IOC Appendix (TLP:WHITE) — DesertStorm


OSINT Library
Last saved: 2026-02-22T00:42:01+00:00

OSINT Library — DesertStorm


2025-01-10 — Check Point Research — “FunkSec – Alleged Top Ransomware Group Powered by AI”

Social Media & Communication
SOCMINT integrated: 0/0

No social links registered for this profile.