Infiltrating the Cicada3301 Ransomware-as-a-Service Group

Oct. 18, 2024, 10:50 a.m.

Description

This analysis provides an in-depth look into the operations of the Cicada3301 Ransomware-as-a-Service (RaaS) group. It details the workflow of their affiliates within the panel and examines the multi-platform capabilities of their ransomware, encompassing Windows, Linux, ESXi, and even uncommon architectures like PowerPC. The group has swiftly targeted numerous organizations across critical sectors within just a few months, with a significant focus on the United States and the United Kingdom. Their sophisticated affiliate program recruits penetration testers and access brokers, offering commissions and a feature-rich web panel. The ransomware employs advanced encryption techniques and aggressive tactics to maximize disruption, making it a formidable threat.

Date

Published: Oct. 18, 2024, 10:45 a.m.

Created: Oct. 18, 2024, 10:45 a.m.

Modified: Oct. 18, 2024, 10:50 a.m.

Indicators

7b3022437b637c44f42741a92c7f7ed251845fd02dda642c0a47fde179bd984e

078163d5c16f64caa5a14784323fd51451b8c831c73396b967b4e35e6879937b

56e1d092c07322d9dad7d85d773953573cc3294b9e428b3bbbaf935ca4d2f7e7

3969e1a88a063155a6f61b0ca1ac33114c1a39151f3c7dd019084abd30553eab

Attack Patterns

Cicada3301

Cicada3301

T1490

T1059.001

T1070.004

T1489

T1486

T1016

T1570

T1046

Additional Information

United Kingdom of Great Britain and Northern Ireland

United States of America