Infiltrating the Cicada3301 Ransomware-as-a-Service Group
Oct. 18, 2024, 10:50 a.m.
Description
This analysis provides an in-depth look into the operations of the Cicada3301 Ransomware-as-a-Service (RaaS) group. It details the workflow of their affiliates within the panel and examines the multi-platform capabilities of their ransomware, encompassing Windows, Linux, ESXi, and even uncommon architectures like PowerPC. The group has swiftly targeted numerous organizations across critical sectors within just a few months, with a significant focus on the United States and the United Kingdom. Their sophisticated affiliate program recruits penetration testers and access brokers, offering commissions and a feature-rich web panel. The ransomware employs advanced encryption techniques and aggressive tactics to maximize disruption, making it a formidable threat.
Date
Published: Oct. 18, 2024, 10:45 a.m.
Created: Oct. 18, 2024, 10:45 a.m.
Modified: Oct. 18, 2024, 10:50 a.m.
Indicators
Attack Patterns
Cicada3301
T1490
T1059.001
T1070.004
T1489
T1486
T1016
T1570
T1046
Additional Information
United Kingdom of Great Britain and Northern Ireland
United States of America