Today > | 2 Medium vulnerabilities   -   You can now download lists of IOCs here!

Infiltrating the Cicada3301 Ransomware-as-a-Service Group

Oct. 18, 2024, 10:50 a.m.

Description

This analysis provides an in-depth look into the operations of the Cicada3301 Ransomware-as-a-Service (RaaS) group. It details the workflow of their affiliates within the panel and examines the multi-platform capabilities of their ransomware, encompassing Windows, Linux, ESXi, and even uncommon architectures like PowerPC. The group has swiftly targeted numerous organizations across critical sectors within just a few months, with a significant focus on the United States and the United Kingdom. Their sophisticated affiliate program recruits penetration testers and access brokers, offering commissions and a feature-rich web panel. The ransomware employs advanced encryption techniques and aggressive tactics to maximize disruption, making it a formidable threat.

Date

Published: Oct. 18, 2024, 10:45 a.m.

Created: Oct. 18, 2024, 10:45 a.m.

Modified: Oct. 18, 2024, 10:50 a.m.

Indicators

7b3022437b637c44f42741a92c7f7ed251845fd02dda642c0a47fde179bd984e

078163d5c16f64caa5a14784323fd51451b8c831c73396b967b4e35e6879937b

56e1d092c07322d9dad7d85d773953573cc3294b9e428b3bbbaf935ca4d2f7e7

3969e1a88a063155a6f61b0ca1ac33114c1a39151f3c7dd019084abd30553eab

cicadabv7vicyvgz5khl7v2x5yygcgow7ryy6yppwmxii4eoobdaztqd.onion

Attack Patterns

Cicada3301

Cicada3301

T1490

T1059.001

T1070.004

T1489

T1486

T1016

T1570

T1046

Additional Informations

United Kingdom of Great Britain and Northern Ireland

United States of America