Tag: akira

8 Attack Reports | 0 Vulnerabilities

Attack reports

Not-so-SimpleHelp exploits enabling deployment of Sliver backdoor

A sophisticated breach was identified where threat actors exploited vulnerabilities in SimpleHelp's Remote Monitoring and Management client to infiltrate a network. The attack involved post-compromise tactics including network discovery, administrator account creation, and persistence establishment…
backdoor
exploit
rmm
sliver
lateral movement
akira
cloudflared
2025-02-07
simplehelp
Published: February 7, 2025
Downloadable IOCs: 6

Inside Akira Ransomware's Rust Experiment

Check Point Research analyzed the Rust version of Akira ransomware that targeted ESXi servers in early 2024. The malware's complex assembly is attributed to Rust idioms, boilerplate code, and compiler strategies. The analysis reveals the ransomware's use of the seahorse CLI framework, indicatif lib…
ransomware
rust
akira
2024-12-03
Published: December 3, 2024
Downloadable IOCs: 0

Howling Scorpius (Akira Ransomware)

Howling Scorpius, the entity behind Akira ransomware-as-a-service, has become one of the top five most active ransomware groups since emerging in early 2023. They target small to medium-sized businesses across various sectors in North America, Europe, and Australia using a double extortion strategy…
ransomware
akira
raas
double extortion
megazord
2024-12-03
howling scorpius
Published: December 3, 2024
Downloadable IOCs: 44

Increased Fog and Akira Ransomware Activity Linked to SonicWall SSL VPN

Since early August, there has been a significant increase in Fog and Akira ransomware intrusions targeting SonicWall SSL VPN users across various industries. The attacks appear opportunistic rather than targeting specific sectors. All affected devices lacked patches for CVE-2024-40766. Initial acce…
ransomware
vpn
data exfiltration
akira
CVE-2024-40766
2024-10-24
sonicwall
initial access
fog
Published: October 24, 2024
Downloadable IOCs: 16

Akira ransomware continues to evolve

Akira ransomware has established itself as a prominent threat, constantly evolving its tactics. Initially employing double-extortion, it shifted focus to data exfiltration in early 2024. The group developed a Rust variant of their ESXi encryptor, moving away from C++. Recently, Akira has returned t…
linux
ransomware
windows
rust
CVE-2024-37085
vulnerability exploitation
akira
CVE-2023-27532
esxi
CVE-2024-40766
CVE-2023-48788
double-extortion
CVE-2024-40711
CVE-2023-20269
2024-10-22
CVE-2020-3259
CVE-2023-20263
chacha8
megazord
Published: October 22, 2024
Downloadable IOCs: 37

Threat Brief: Understanding Akira Ransomware

Akira is a prolific ransomware operating since March 2023, targeting multiple industries in North America, the UK, and Australia. It functions as Ransomware as a Service (RaaS) and employs double extortion tactics. Akira has connections to the disbanded Conti group, sharing code similarities and op…
ransomware
lateral movement
conti
akira
raas
2024-10-04
double extortion
defense evasion
CVE-2023-20269
chacha encryption
CVE-2019-6693
credential dumping
CVE-2021-21972
CVE-2022-40684
Published: October 4, 2024
Downloadable IOCs: 3

Akira Ransomware Targets the LATAM Airline Industry

An in-depth analysis examined a threat actor utilizing Akira ransomware to compromise a Latin American airline. The attacker gained initial network access via SSH, exploiting a vulnerability in Veeam backup software, and subsequently exfiltrated critical data before deploying the ransomware payload…
linux
ransomware
exfiltration
akira
CVE-2023-27532
2024-07-16
ssh
backup
Published: July 16, 2024
Downloadable IOCs: 2

Ransomware: Activity Levels Remain High Despite Disruption

While overall activity levels dipped slightly in the first quarter of 2024, the number of claimed attacks remained high, with LockBit accounting for over 20%. The report explores the changing tactics employed by ransomware actors, including the exploitation of vulnerabilities, the use of Bring-Your…
ransomware
lockbit
vulnerability
blackcat
alphv
encryption
phobos
cyclops blink
CVE-2024-4577
noberus
tellyouthepass
blacksuit
2024-07-11
akira
warp av killer
qilin
disruption
Published: July 11, 2024
Downloadable IOCs: 27
Click here to see more Attack Reports