Today > | 7 High | 24 Medium | 2 Low vulnerabilities   -   You can now download lists of IOCs here!

Akira Ransomware Targets the LATAM Airline Industry

July 16, 2024, 10:26 a.m.

Description

An in-depth analysis examined a threat actor utilizing Akira ransomware to compromise a Latin American airline. The attacker gained initial network access via SSH, exploiting a vulnerability in Veeam backup software, and subsequently exfiltrated critical data before deploying the ransomware payload the following day. The attack leveraged various legitimate tools and techniques, enabling reconnaissance, persistence, and widespread encryption of victim systems in a double-extortion scheme.

Date

Published: July 16, 2024, 9:53 a.m.

Created: July 16, 2024, 9:53 a.m.

Modified: July 16, 2024, 10:26 a.m.

Indicators

9b42decb7ea825b939fc36ab924e0c80324e0a4eccb4c371eac60a8672af9603

77.247.126.158

Attack Patterns

Akira

Storm-1567

T1136.002

T1222.001

T1021.002

T1021.004

T1069

T1087.001

T1136.001

T1021.001

T1537

T1588.002

T1048

T1490

T1482

T1560.001

T1018

T1531

T1204.001

T1059.001

T1562.001

T1489

T1486

T1016

T1105

T1083

T1570

T1047

T1219

T1098

T1112

T1190

T1133

T1078

CVE-2023-27532

CVE-2023-20269

CVE-2020-3259

Additional Informations

Transportation