Akira ransomware continues to evolve
Essential information
- Published
- 22/10/2024 09:43
- Modified
- 22/10/2024 09:57
- Tags
- 2024-10-22 CVE-2020-3259 CVE-2023-20263 CVE-2023-20269 CVE-2023-27532 CVE-2023-48788 CVE-2024-37085 CVE-2024-40711 CVE-2024-40766 akira chacha8 double-extortion esxi linux megazord ransomware rust vulnerability exploitation windows
- Related entities
- 8 vulnerabilities (cve), 37 observables, 1 intrusion sets (apt), 16 techniques (mitre), 2 malware, 2 others
Description
Related entities
Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.
Vulnerabilities (CVE) (8)
Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remote code execution.
- Attack vector
- Network
- Published
- 17/10/2024
- Modified
- 21/12/2025
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in …
- Attack vector
- Network
- Published
- 09/09/2024
- Modified
- 21/12/2025
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an …
- Attack vector
- Network
- Published
- 30/07/2024
- Modified
- 27/05/2026
Veeam Backup & Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user operating within …
- Attack vector
- Network
- Published
- 22/08/2023
- Modified
- 27/05/2026
Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.
- Attack vector
- Network
- Published
- 25/03/2024
- Modified
- 21/12/2025
Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct …
- Attack vector
- Network
- Published
- 13/09/2023
- Modified
- 21/12/2025
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a …
- Attack vector
- NETWORK
- Published
- 06/09/2023
- Modified
- 21/12/2025
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an information disclosure vulnerability. An attacker could retrieve memory contents on …
- Published
- 15/02/2024
- Modified
- 21/12/2025
Observables (37)
e3fa93dad8fb8c3a6d9b35d02ce97c22035b409e0efc9f04372f4c1d6280a481ccda8247360a85b6c076527e438a995757b6cdf5530f38e125915d31291c00d5dfe6fddc67bdc93b9947430b966da2877fda094edf3e21e6f0ba98a84bc53198c0c0b2306d31e8962973a22e50b18dfde852c6ddf99baf849e3384ed9f07a0d6bcae978c17bcddc0bf6419ae978e3471197801c36f73cff2fc88cecbe3d88d1ab55fbe9358dd4b5825ce459e84cd0823ecdf7b64550fe1af968306047b7de5c9abba655df92e99a15ddcde1d196ff4393a13dbff293e45f5375a2f61c84a2c7ba6b0847cf31ccc3f76538333498f8fef79d444a9d4ecfca0592861cf731ae6cba546ef13e8a71a8b5f0803075382eb0311d0d8dbae3f08bac0b2f4250af8add09f393516edf6b8e011df6ee991758480c5b99a0efbfd68347786061f0e04426c95477703e789e6182096a09bc98853e0a70b680a4f19fa2bf86cbb9280e8ec5a8e9a33809b9062c5033928f82e8adacbef6cd7b40e73da9fcf13ec2493b4544c
Intrusion sets (APT) (1)
-
The MITRE Corporation Confidence 100
The Akira ransomware group is said to have emerged in March 2023, and there's much speculation about its ties to the former CONTI ransomware group.<br> <br> It's worth …
First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
Techniques (MITRE) (16)
-
Remote Desktop Protocol
-
Inhibit System Recovery
-
PowerShell
-
File Deletion
-
Disable or Modify Tools
-
Data Encrypted for Impact
-
System Information Discovery
-
File and Directory Discovery
-
Exploitation of Remote Services
-
Obfuscated Files or Information
-
Modify Registry
-
Phishing
Malware (2)
Others (2)
- Professional Services
- Manufacturing