Akira Ransomware Targets the LATAM Airline Industry
July 16, 2024, 10:26 a.m.
Tags
External References
Description
An in-depth analysis examined a threat actor utilizing Akira ransomware to compromise a Latin American airline. The attacker gained initial network access via SSH, exploiting a vulnerability in Veeam backup software, and subsequently exfiltrated critical data before deploying the ransomware payload the following day. The attack leveraged various legitimate tools and techniques, enabling reconnaissance, persistence, and widespread encryption of victim systems in a double-extortion scheme.
Date
Published: July 16, 2024, 9:53 a.m.
Created: July 16, 2024, 9:53 a.m.
Modified: July 16, 2024, 10:26 a.m.
Indicators
9b42decb7ea825b939fc36ab924e0c80324e0a4eccb4c371eac60a8672af9603
77.247.126.158
Attack Patterns
Akira
Storm-1567
T1136.002
T1222.001
T1021.002
T1021.004
T1069
T1087.001
T1136.001
T1021.001
T1537
T1588.002
T1048
T1490
T1482
T1560.001
T1018
T1531
T1204.001
T1059.001
T1562.001
T1489
T1486
T1016
T1105
T1083
T1570
T1047
T1219
T1098
T1112
T1190
T1133
T1078
CVE-2023-27532
CVE-2023-20269
CVE-2020-3259
Additional Information
Transportation