Akira ransomware continues to evolve
Essential information
- Published
- 22/10/2024 09:43
- Modified
- 22/10/2024 09:57
- Tags
- 2024-10-22 CVE-2020-3259 CVE-2023-20263 CVE-2023-20269 CVE-2023-27532 CVE-2023-48788 CVE-2024-37085 CVE-2024-40711 CVE-2024-40766 akira chacha8 double-extortion esxi linux megazord ransomware rust vulnerability exploitation windows
- Related entities
- 8 vulnerabilities (cve), 37 observables, 1 intrusion sets (apt), 16 techniques (mitre), 2 malware, 2 others
Description
Related entities
Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.
Vulnerabilities (CVE) (8)
Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remote code execution.
- Attack vector
- Network
- Published
- 17/10/2024
- Modified
- 21/12/2025
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in …
- Attack vector
- Network
- Published
- 09/09/2024
- Modified
- 21/12/2025
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an …
- Attack vector
- Network
- Published
- 30/07/2024
- Modified
- 27/05/2026
Veeam Backup & Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user operating within …
- Attack vector
- Network
- Published
- 22/08/2023
- Modified
- 27/05/2026
Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.
- Attack vector
- Network
- Published
- 25/03/2024
- Modified
- 21/12/2025
Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct …
- Attack vector
- Network
- Published
- 13/09/2023
- Modified
- 21/12/2025
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a …
- Attack vector
- NETWORK
- Published
- 06/09/2023
- Modified
- 21/12/2025
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an information disclosure vulnerability. An attacker could retrieve memory contents on …
- Published
- 15/02/2024
- Modified
- 21/12/2025
Observables (37)
-
988776358d0e45a4907dc1f4906a916f1b3595a31fa44d8e04e563a32557eb42 -
87b4020bcd3fad1f5711e6801ca269ef5852256eeaf350f4dde2dc46c576262d -
9585af44c3ff8fd921c713680b0c2b3bbc9d56add848ed62164f7c9b9f23d065 -
7f731cc11f8e4d249142e99a44b9da7a48505ce32c4ee4881041beeddb3760be -
3298d203c2acb68c474e5fdad8379181890b4403d6491c523c13730129be3f75 -
131da83b521f610819141d5c740313ce46578374abb22ef504a7593955a65f07 -
c9c94ac5e1991a7db42c7973e328fceeb6f163d9f644031bdfd4123c7b3898b0 -
0c0e0f9b09b80d87ebc88e2870907b6cacb4cd7703584baf8f2be1fd9438696d -
678ec8734367c7547794a604cc65e74a0f42320d85a6dce20c214e3b4536bb33 -
6cadab96185dbe6f3a7b95cf2f97d6ac395785607baa6ed7bf363deeb59cc360 -
1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc -
3c92bfc71004340ebc00146ced294bc94f49f6a5e212016ac05e7d10fcb3312c
Intrusion sets (APT) (1)
-
The MITRE Corporation Confidence 100
The Akira ransomware group is said to have emerged in March 2023, and there's much speculation about its ties to the former CONTI ransomware group.<br> <br> It's worth…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Techniques (MITRE) (16)
-
Remote Desktop Protocol MITRE
-
Inhibit System Recovery MITRE
-
PowerShell MITRE
-
File Deletion MITRE
-
Disable or Modify Tools MITRE
-
Data Encrypted for Impact MITRE
-
System Information Discovery MITRE
-
File and Directory Discovery MITRE
-
Exploitation of Remote Services MITRE
-
Obfuscated Files or Information MITRE
-
Modify Registry MITRE
-
Phishing MITRE
Malware (2)
-
Family
-
The MITRE Corporation Confidence 100
[Akira](https://attack.mitre.org/software/S1129) ransomware, written in C++, is most prominently (but not exclusively) associated with the ransomware-as-a-service entity [Akira](https://attack.mitre.org/groups/G1024). [Akira](https://attack.mitre.org/software/S1129) ransomware has been used in attacks across North America, Europe,…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Others (2)
-
Professional Services
-
Manufacturing