Akira Ransomware Targets the LATAM Airline Industry
Essential information
- Published
- 16/07/2024 09:53
- Modified
- 16/07/2024 10:26
- Tags
- 2024-07-16 CVE-2023-27532 akira backup exfiltration linux ransomware ssh
- Related entities
- 3 vulnerabilities (cve), 2 observables, 1 intrusion sets (apt), 32 techniques (mitre), 1 malware, 1 others
Description
An in-depth analysis examined a threat actor utilizing Akira ransomware to compromise a Latin American airline. The attacker gained initial network access via SSH, exploiting a vulnerability in Veeam backup software, and subsequently exfiltrated critical data before deploying the ransomware payload the following day. The attack leveraged various legitimate tools and techniques, enabling reconnaissance, persistence, and widespread encryption of victim systems in a double-extortion scheme.