Storm-2460
0 incidents
0 countries
0 sectors
apt RU Latest: -
Storm-2460 is a financially motivated ransomware threat actor that emerged in early 2025. This group is distinguished by its rapid weaponization and exploitation of Windows kernel zero-day vulnerabilities, such as those found in the Common Log File System (CLFS) driver, to achieve privilege escalation and facilitate ransomware deployment. Their operations are characterized by the use of the modular PipeMagic backdoor, which is often disguised as legitimate software, demonstrating a focused, post-compromise strategy to elevate access and deploy their payloads. While some researchers have linked activity to other groups like Play ransomware, Microsoft, the primary source of intelligence on Storm-2460, does not associate the two.
RansomLook pivots
Data, intelligence and external references for cross-checking the actor's ransomware activity.
Target sectors (SOCRadar)
Information Services, Finance, Rental & Leasing, Retail, Software Publishers