
Camera off: Akira deploys ransomware via webcam

· Published 11/03/2025 14:20 · Modified 11/03/2025 16:53


Essential information

Published: 11/03/2025 14:20
Modified: 11/03/2025 16:53
Tags: 2025-03-11, akira ransomware, anydesk, edr evasion, iot, network segmentation, ransomware, remote access, smb protocol, webcam
Related entities: 1 intrusion sets (apt), 14 techniques (mitre), 1 malware

Description

Akira, a prominent ransomware group, accounted for 15% of incidents in 2024, showcasing novel evasion techniques. In a recent attack, Akira circumvented an Endpoint Detection and Response (EDR) tool by compromising an unsecured webcam to deploy ransomware. After initial detection, the group pivoted to exploit IoT devices, particularly a vulnerable webcam running Linux. This allowed them to execute their Linux variant without EDR interference. The incident highlights the importance of comprehensive security measures, including device monitoring, network segmentation, and regular audits. Key takeaways include prioritizing patch management for all devices, adapting to evolving threat actor tactics, and ensuring proper EDR implementation.

External references