{
  "name": "Akira ransomware continues to evolve",
  "slug": "akira-ransomware-continues-to-evolve",
  "description": "Akira ransomware has established itself as a prominent threat, constantly evolving its tactics. Initially employing double-extortion, it shifted focus to data exfiltration in early 2024. The group developed a Rust variant of their ESXi encryptor, moving away from C++. Recently, Akira has returned to previous encryption methods combined with data theft. They exploit various vulnerabilities for initial access and lateral movement, targeting sectors like manufacturing and professional services. The ransomware now uses ChaCha8 cipher for faster encryption. Akira is likely to continue prioritizing high-impact CVEs and attacks against VMware ESXi and Linux environments, adapting their techniques to maintain operational stability and effectiveness.",
  "published": "2024-10-22T07:43:37+00:00",
  "created_at": "2024-10-22T07:43:37+00:00",
  "modified_at": "2024-10-22T07:57:19+00:00",
  "created_at_opencti": "2024-10-22T07:43:37+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-10-22",
    "CVE-2020-3259",
    "CVE-2023-20263",
    "CVE-2023-20269",
    "CVE-2023-27532",
    "CVE-2023-48788",
    "CVE-2024-37085",
    "CVE-2024-40711",
    "CVE-2024-40766",
    "akira",
    "chacha8",
    "double-extortion",
    "esxi",
    "linux",
    "megazord",
    "ransomware",
    "rust",
    "vulnerability exploitation",
    "windows"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "e3fa93dad8fb8c3a6d9b35d02ce97c22035b409e0efc9f04372f4c1d6280a481"
      },
      {
        "id": "",
        "name": "ccda8247360a85b6c076527e438a995757b6cdf5530f38e125915d31291c00d5"
      },
      {
        "id": "",
        "name": "dfe6fddc67bdc93b9947430b966da2877fda094edf3e21e6f0ba98a84bc53198"
      },
      {
        "id": "",
        "name": "c0c0b2306d31e8962973a22e50b18dfde852c6ddf99baf849e3384ed9f07a0d6"
      },
      {
        "id": "",
        "name": "bcae978c17bcddc0bf6419ae978e3471197801c36f73cff2fc88cecbe3d88d1a"
      },
      {
        "id": "",
        "name": "b55fbe9358dd4b5825ce459e84cd0823ecdf7b64550fe1af968306047b7de5c9"
      },
      {
        "id": "",
        "name": "abba655df92e99a15ddcde1d196ff4393a13dbff293e45f5375a2f61c84a2c7b"
      },
      {
        "id": "",
        "name": "a6b0847cf31ccc3f76538333498f8fef79d444a9d4ecfca0592861cf731ae6cb"
      },
      {
        "id": "",
        "name": "a546ef13e8a71a8b5f0803075382eb0311d0d8dbae3f08bac0b2f4250af8add0"
      },
      {
        "id": "",
        "name": "9f393516edf6b8e011df6ee991758480c5b99a0efbfd68347786061f0e04426c"
      },
      {
        "id": "",
        "name": "95477703e789e6182096a09bc98853e0a70b680a4f19fa2bf86cbb9280e8ec5a"
      },
      {
        "id": "",
        "name": "8e9a33809b9062c5033928f82e8adacbef6cd7b40e73da9fcf13ec2493b4544c"
      },
      {
        "id": "",
        "name": "88da2b1cee373d5f11949c1ade22af0badf16591a871978a9e02f70480e547b2"
      },
      {
        "id": "",
        "name": "8816caf03438cd45d7559961bf36a26f26464bab7a6339ce655b7fbad68bb439"
      },
      {
        "id": "",
        "name": "78d75669390e4177597faf9271ce3ad3a16a3652e145913dbfa9a5951972fcb0"
      },
      {
        "id": "",
        "name": "68d5944d0419bd123add4e628c985f9cbe5362ee19597773baea565bff1a6f1a"
      },
      {
        "id": "",
        "name": "6005dcbe15d60293c556f05e98ed9a46d398a82e5ca4d00c91ebec68a209ea84"
      },
      {
        "id": "",
        "name": "566ef5484da0a93c87dd0cb0a950a7cff4ab013175289cd5fccf9dd7ea430739"
      },
      {
        "id": "",
        "name": "43c5a487329f5d6b4a6d02e2f8ef62744b850312c5cb87c0a414f3830767be72"
      },
      {
        "id": "",
        "name": "3805f299d33ef43d17a5a1040149f0e5e2d5db57ec6f03c5687ac23db1f77a30"
      },
      {
        "id": "",
        "name": "2f629395fdfa11e713ea8bf11d40f6f240acf2f5fcf9a2ac50b6f7fbc7521c83"
      },
      {
        "id": "",
        "name": "2c7aeac07ce7f03b74952e0e243bd52f2bfa60fadc92dd71a6a1fee2d14cdd77"
      },
      {
        "id": "",
        "name": "28cea00267fa30fb63e80a3c3b193bd9cd2a3d46dd9ae6cede5f932ac15c7e2e"
      },
      {
        "id": "",
        "name": "0ee1d284ed663073872012c7bde7fac5ca1121403f1a5d2d5411317df282796c"
      },
      {
        "id": "",
        "name": "988776358d0e45a4907dc1f4906a916f1b3595a31fa44d8e04e563a32557eb42"
      },
      {
        "id": "",
        "name": "87b4020bcd3fad1f5711e6801ca269ef5852256eeaf350f4dde2dc46c576262d"
      },
      {
        "id": "",
        "name": "9585af44c3ff8fd921c713680b0c2b3bbc9d56add848ed62164f7c9b9f23d065"
      },
      {
        "id": "",
        "name": "7f731cc11f8e4d249142e99a44b9da7a48505ce32c4ee4881041beeddb3760be"
      },
      {
        "id": "",
        "name": "3298d203c2acb68c474e5fdad8379181890b4403d6491c523c13730129be3f75"
      },
      {
        "id": "",
        "name": "131da83b521f610819141d5c740313ce46578374abb22ef504a7593955a65f07"
      },
      {
        "id": "",
        "name": "c9c94ac5e1991a7db42c7973e328fceeb6f163d9f644031bdfd4123c7b3898b0"
      },
      {
        "id": "",
        "name": "0c0e0f9b09b80d87ebc88e2870907b6cacb4cd7703584baf8f2be1fd9438696d"
      },
      {
        "id": "",
        "name": "678ec8734367c7547794a604cc65e74a0f42320d85a6dce20c214e3b4536bb33"
      },
      {
        "id": "",
        "name": "6cadab96185dbe6f3a7b95cf2f97d6ac395785607baa6ed7bf363deeb59cc360"
      },
      {
        "id": "",
        "name": "1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc"
      },
      {
        "id": "",
        "name": "3c92bfc71004340ebc00146ced294bc94f49f6a5e212016ac05e7d10fcb3312c"
      },
      {
        "id": "",
        "name": "5c62626731856fb5e669473b39ac3deb0052b32981863f8cf697ae01c80512e5"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:394c26405a8e22ba",
        "name": "Megazord",
        "slug": "megazord"
      },
      {
        "id": "28206dae-800a-4dcc-9872-b7916a5f2b31",
        "name": "Akira",
        "slug": "akira"
      }
    ],
    "intrusion_sets": [
      {
        "id": "cddff1ef-0078-4fdc-8fcd-dd04e89d074d",
        "name": "Akira",
        "slug": "akira"
      }
    ],
    "attack_patterns": [
      {
        "id": "195d9773-4de3-4f61-b94d-a2b53cb65608",
        "name": "T1021.001"
      },
      {
        "id": "ecaaa4cc-d487-4002-bcb2-f769acfcc38f",
        "name": "T1490"
      },
      {
        "id": "32b33067-6566-4b8d-be80-e96f765d84de",
        "name": "T1059.001"
      },
      {
        "id": "eaff4611-3c78-4127-8745-726f77ed68ba",
        "name": "T1070.004"
      },
      {
        "id": "7364ca96-72bf-4b7f-afef-ce2583b1ed58",
        "name": "T1562.001"
      },
      {
        "id": "f1bb7823-4f4b-4565-b472-bf0cfca467b1",
        "name": "T1486"
      },
      {
        "id": "70616b2f-4019-4963-b758-5d9f6f20e201",
        "name": "T1082"
      },
      {
        "id": "45082a8e-9c79-470e-ad1b-decac7188e8f",
        "name": "T1083"
      },
      {
        "id": "820fbdf8-7db2-4292-9a60-7eed3567be8d",
        "name": "T1210"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      },
      {
        "id": "09124a92-c11f-4571-b35b-ab0bce6dd081",
        "name": "T1112"
      },
      {
        "id": "d9b45b3b-d093-4016-89e9-48f31ff4d05d",
        "name": "T1566"
      },
      {
        "id": "6c8f8a40-2746-4a37-86bd-81e82afa6e62",
        "name": "T1190"
      },
      {
        "id": "b9eab970-53dd-4977-9a26-c4fe566e422d",
        "name": "T1133"
      },
      {
        "id": "9f11a241-9abc-4c57-95dd-33955ab08826",
        "name": "T1078"
      },
      {
        "id": "74d6e294-54d1-4a21-9dfc-df5870f8ec8e",
        "name": "T1003"
      }
    ],
    "vulnerabilities": [
      {
        "id": "",
        "name": "CVE-2024-40711"
      },
      {
        "id": "",
        "name": "CVE-2024-40766"
      },
      {
        "id": "",
        "name": "CVE-2024-37085"
      },
      {
        "id": "",
        "name": "CVE-2023-27532"
      },
      {
        "id": "",
        "name": "CVE-2023-48788"
      },
      {
        "id": "",
        "name": "CVE-2023-20269"
      },
      {
        "id": "",
        "name": "CVE-2023-20263"
      },
      {
        "id": "",
        "name": "CVE-2020-3259"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Professional Services"
      },
      {
        "id": "",
        "name": "Manufacturing"
      }
    ]
  },
  "external_refs": [
    "https://blog.talosintelligence.com/akira-ransomware-continues-to-evolve/",
    "https://otx.alienvault.com/pulse/671773ca6756ce1c876f2a07"
  ]
}