One Article Review

Source Techworm
Identifier 8485347
Publication date 2024-04-19 20:15:33 (seen: 2024-04-19 15:08:46)
Title FBI: Akira Ransomware Group Made $42 Million From 250+ Orgs
Text The Akira ransomware group has breached the networks of over 250 organizations and claimed approximately $42 million (USD) in ransomware proceeds, according to a recent joint cybersecurity advisory issued by the United States Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Europol's European Cybercrime Centre (EC3), and the Netherlands' National Cyber Security Centre (NCSC-NL).

According to FBI investigations, Akira ransomware has targeted a wide range of businesses and critical infrastructure entities across North America, Europe, and Australia since March 2023. While the ransomware initially targeted Windows systems, the FBI recently found Akira's Linux variant targeting VMware ESXi virtual machines that are used widely across many large businesses and organizations.

#StopRansomare: Review our #cybersecurity advisory, outlining known #AkiraRansomware #TTPs & #IOCs, developed with @FBI, @EC3Europol, & @NCSC_NL to reduce the exploitation of businesses and critical infrastructure. https://t.co/2VBMKhoAXK pic.twitter.com/Nn0fEK4HRw — CISA Cyber (@CISACyber) April 18, 2024

“Early versions of the Akira ransomware variant were written in C++ and encrypted files with a .akira extension; however, beginning in August 2023, some Akira attacks began deploying Megazord, using Rust-based code which encrypts files with a .powerranges extension. Akira threat actors have continued to use both Megazord and Akira, including Akira_v2 (identified by trusted third party investigations) interchangeably,” the joint cybersecurity advisory reads.

The FBI and cybersecurity researchers have observed Akira threat actors obtaining initial access to organizations through a virtual private network (VPN) service without multifactor authentication (MFA) configured, mostly using known Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269.

Additional methods of initial access include the use of external-facing services such as Remote Desktop Protocol (RDP), spear phishing attacks, and credential abuse. Once initial access is obtained, Akira threat actors attempt to exploit the functions of domain controllers by creating new domain accounts to establish persis
Sent Yes
Tags Ransomware Vulnerability Threat Studies
Stories
Notes ★★★


The article does not appear to have been picked up after its publication.


The article does not appear to be a pick-up of an earlier one.