Storm-1295, also tracked as DEV-1295, is a threat actor group that emerged in mid-2022. This group operates the Greatness phishing-as-a-service (PhaaS) platform, which differentiates it by offering adversary-in-the-middle (AiTM) capabilities to other attackers. The Greatness platform leverages synchronous relay servers to create convincing replica sign-in pages, specifically designed to bypass multi-factor authentication (MFA) and steal user credentials and session cookies. While involved in targeted attacks and associated with espionage and disruptive operations, its core function is the provision of this PhaaS infrastructure, indicating a primary financial motivation by enabling various cybercriminal activities.