216.73.217.22

Howling Scorpius (Akira Ransomware)

· Published 03/12/2024 16:35 · Modified 03/12/2024 16:54

Export JSON

Essential information

Published
03/12/2024 16:35
Modified
03/12/2024 16:54
Tags
2024-12-03 akira double-extortion howling scorpius megazord raas ransomware
Related entities
4 vulnerabilities (cve), 44 observables, 1 intrusion sets (apt), 18 techniques (mitre), 2 malware, 10 others

Description

, the entity behind -as-a-service, has become one of the top five most active groups since emerging in early 2023. They target small to medium-sized businesses across various sectors in North America, Europe, and Australia using a double extortion strategy. The group operates Windows and Linux/ESXi encryptors, and is actively enhancing its toolkit. Their tactics include exploiting vulnerable VPN services, using valid accounts from dark web brokers, targeting RDP, and conducting spear-phishing campaigns. They employ tools like Mimikatz and LaZagne for credential access, and use WinRAR, WinSCP, RClone, and FileZilla for data exfiltration. The group has also introduced new variants like and v2, demonstrating ongoing development efforts.

Related entities

Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.

Vulnerabilities (CVE) (4)

CVE-2024-0012 KEV
9.8 Critical

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to …

Attack vector
Network
Published
18/11/2024
Modified
21/12/2025
Undergoing Analysis
CVE-2024-9474 KEV
7.2 High

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to …

Attack vector
Network
Published
18/11/2024
Modified
21/12/2025
Undergoing Analysis
CVE-2023-20269 KEV
5.0 Medium

Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct …

Attack vector
Network
Published
13/09/2023
Modified
21/12/2025
CVE-2020-3259 KEV

Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an information disclosure vulnerability. An attacker could retrieve memory contents on …

Published
15/02/2024
Modified
21/12/2025

Observables (44)

  • e702a572b514984deacaa54408059c6eac28e46111cb6f0f4190a3a6a72dd41d
  • cc970bd2673e46c7e0df5430ab617bc2a9214b4d5c2c44252af681a08ff526a8
  • 9f873c29a38dd265decb6517a2a1f3b5d4f90ccd42eb61039086ea0b5e74827e
  • 7ca3e6b4dd4d98506faa92ab590108cacb2945b8c27dcf1ac75b0df4a206493a
  • 74f497088b49b745e6377b32ed5d9dfaef3c84c7c0bb50fabf30363ad2e0bfb1
  • 6a5e547756ef1256f1eb9df0249245c35461affd009be8f046559bc007cafcf2
  • 67f82a54ea49c6f286681d179cc7afc8b41b6b34284cc17bdd52916cc3656160
  • 5f72bdb14e138f10c1658248fdaf10db2fd1e812240966e009bbcf8d463e099c
  • 58e9cd249d947f829a6021cf6ab16c2ca8e83317dbe07a294e2035bb904d0cf3
  • 56f1014eb2d145c957f9bc0843f4e506735d7821e16355bcfbb6150b1b5f39db
  • 3dc7d4023c7380ed740ac5ac7d82a4ba6f587f430b2b7b66f1d34a44f89c39cb
  • 3999a25f8f0fd8252aa9250fa9bd70aae202f181812cc6c230c8ea2842340f18
  • 300bc2769c6d62ba9d228cc45e126cd458e1a23fd23092da258053afd82f2755
  • 2db4a15475f382e34875b37d7b27c3935c7567622141bc203fde7fe602bc8643
  • 2727c73f3069457e9ad2197b3cda25aec864a2ab8da3c2790264d06e13d45c3d
  • 1ba1ccfacffbb6be9480380f5535a30d3eee1dd7787f3c649ebf8ea2a6a5de51
  • 08207409e1d789aea68419b04354184490ce46339be071c6c185c75ab9d08cba
  • e3fa93dad8fb8c3a6d9b35d02ce97c22035b409e0efc9f04372f4c1d6280a481
  • dfe6fddc67bdc93b9947430b966da2877fda094edf3e21e6f0ba98a84bc53198
  • c0c0b2306d31e8962973a22e50b18dfde852c6ddf99baf849e3384ed9f07a0d6
  • bcae978c17bcddc0bf6419ae978e3471197801c36f73cff2fc88cecbe3d88d1a
  • b55fbe9358dd4b5825ce459e84cd0823ecdf7b64550fe1af968306047b7de5c9
  • a6b0847cf31ccc3f76538333498f8fef79d444a9d4ecfca0592861cf731ae6cb
  • 9f393516edf6b8e011df6ee991758480c5b99a0efbfd68347786061f0e04426c
  • 95477703e789e6182096a09bc98853e0a70b680a4f19fa2bf86cbb9280e8ec5a
  • 8e9a33809b9062c5033928f82e8adacbef6cd7b40e73da9fcf13ec2493b4544c
  • 8816caf03438cd45d7559961bf36a26f26464bab7a6339ce655b7fbad68bb439
  • 68d5944d0419bd123add4e628c985f9cbe5362ee19597773baea565bff1a6f1a
  • 6005dcbe15d60293c556f05e98ed9a46d398a82e5ca4d00c91ebec68a209ea84
  • 43c5a487329f5d6b4a6d02e2f8ef62744b850312c5cb87c0a414f3830767be72
  • 3805f299d33ef43d17a5a1040149f0e5e2d5db57ec6f03c5687ac23db1f77a30
  • 2f629395fdfa11e713ea8bf11d40f6f240acf2f5fcf9a2ac50b6f7fbc7521c83
  • 28cea00267fa30fb63e80a3c3b193bd9cd2a3d46dd9ae6cede5f932ac15c7e2e
  • 0ee1d284ed663073872012c7bde7fac5ca1121403f1a5d2d5411317df282796c
  • 9585af44c3ff8fd921c713680b0c2b3bbc9d56add848ed62164f7c9b9f23d065
  • 7f731cc11f8e4d249142e99a44b9da7a48505ce32c4ee4881041beeddb3760be
  • 3298d203c2acb68c474e5fdad8379181890b4403d6491c523c13730129be3f75
  • 131da83b521f610819141d5c740313ce46578374abb22ef504a7593955a65f07
  • c9c94ac5e1991a7db42c7973e328fceeb6f163d9f644031bdfd4123c7b3898b0
  • 82e25f32e01f1898ccce2b6d5292245759733c22a104443a8a9c7db1ebf05c57
  • 0c0e0f9b09b80d87ebc88e2870907b6cacb4cd7703584baf8f2be1fd9438696d
  • 1d3b5c650533d13c81e325972a912e3ff8776e36e18bca966dae50735f8ab296
  • 678ec8734367c7547794a604cc65e74a0f42320d85a6dce20c214e3b4536bb33
  • 1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc

Intrusion sets (APT) (1)

Techniques (MITRE) (18)

Malware (2)

  • Akira - S1129
    Family
    Published 03/12/2024 16:35 · Modified 03/12/2024 16:35
  • Megazord
    Family
    Published 03/12/2024 16:35 · Modified 03/12/2024 16:35

Others (10)

  • Australia
  • Canada
  • United States of America
  • Pharmaceuticals
  • Consulting
  • Technology
  • Education
  • Telecommunications
  • Government
  • Manufacturing

External references