Akira ransomware continues to evolve
Essential information
- Published
- 22/10/2024 09:43
- Modified
- 22/10/2024 09:57
- Tags
- 2024-10-22 CVE-2020-3259 CVE-2023-20263 CVE-2023-20269 CVE-2023-27532 CVE-2023-48788 CVE-2024-37085 CVE-2024-40711 CVE-2024-40766 akira chacha8 double-extortion esxi linux megazord ransomware rust vulnerability exploitation windows
- Related entities
- 8 vulnerabilities (cve), 37 observables, 1 intrusion sets (apt), 16 techniques (mitre), 2 malware, 2 others
Description
Related entities
Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.
Vulnerabilities (CVE) (8)
Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remote code execution.
- Attack vector
- Network
- Published
- 17/10/2024
- Modified
- 21/12/2025
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in …
- Attack vector
- Network
- Published
- 09/09/2024
- Modified
- 21/12/2025
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an …
- Attack vector
- Network
- Published
- 30/07/2024
- Modified
- 27/05/2026
Veeam Backup & Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user operating within …
- Attack vector
- Network
- Published
- 22/08/2023
- Modified
- 27/05/2026
Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.
- Attack vector
- Network
- Published
- 25/03/2024
- Modified
- 21/12/2025
Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct …
- Attack vector
- Network
- Published
- 13/09/2023
- Modified
- 21/12/2025
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a …
- Attack vector
- NETWORK
- Published
- 06/09/2023
- Modified
- 21/12/2025
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an information disclosure vulnerability. An attacker could retrieve memory contents on …
- Published
- 15/02/2024
- Modified
- 21/12/2025
Observables (37)
-
88da2b1cee373d5f11949c1ade22af0badf16591a871978a9e02f70480e547b2 -
8816caf03438cd45d7559961bf36a26f26464bab7a6339ce655b7fbad68bb439 -
78d75669390e4177597faf9271ce3ad3a16a3652e145913dbfa9a5951972fcb0 -
68d5944d0419bd123add4e628c985f9cbe5362ee19597773baea565bff1a6f1a -
6005dcbe15d60293c556f05e98ed9a46d398a82e5ca4d00c91ebec68a209ea84 -
566ef5484da0a93c87dd0cb0a950a7cff4ab013175289cd5fccf9dd7ea430739 -
43c5a487329f5d6b4a6d02e2f8ef62744b850312c5cb87c0a414f3830767be72 -
3805f299d33ef43d17a5a1040149f0e5e2d5db57ec6f03c5687ac23db1f77a30 -
2f629395fdfa11e713ea8bf11d40f6f240acf2f5fcf9a2ac50b6f7fbc7521c83 -
2c7aeac07ce7f03b74952e0e243bd52f2bfa60fadc92dd71a6a1fee2d14cdd77 -
28cea00267fa30fb63e80a3c3b193bd9cd2a3d46dd9ae6cede5f932ac15c7e2e -
0ee1d284ed663073872012c7bde7fac5ca1121403f1a5d2d5411317df282796c
Intrusion sets (APT) (1)
-
The MITRE Corporation Confidence 100
The Akira ransomware group is said to have emerged in March 2023, and there's much speculation about its ties to the former CONTI ransomware group.<br> <br> It's worth…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Techniques (MITRE) (16)
-
Remote Desktop Protocol MITRE
-
Inhibit System Recovery MITRE
-
PowerShell MITRE
-
File Deletion MITRE
-
Disable or Modify Tools MITRE
-
Data Encrypted for Impact MITRE
-
System Information Discovery MITRE
-
File and Directory Discovery MITRE
-
Exploitation of Remote Services MITRE
-
Obfuscated Files or Information MITRE
-
Modify Registry MITRE
-
Phishing MITRE
Malware (2)
-
Family
-
The MITRE Corporation Confidence 100
[Akira](https://attack.mitre.org/software/S1129) ransomware, written in C++, is most prominently (but not exclusively) associated with the ransomware-as-a-service entity [Akira](https://attack.mitre.org/groups/G1024). [Akira](https://attack.mitre.org/software/S1129) ransomware has been used in attacks across North America, Europe,…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Others (2)
-
Professional Services
-
Manufacturing