
Akira Ransomware Targets the LATAM Airline Industry

Published 16/07/2024 09:53 · Modified 16/07/2024 10:26


Essential information

Tags: 2024-07-16, CVE-2023-27532, akira, backup, exfiltration, linux, ransomware, ssh

Related entities: 3 vulnerabilities (cve), 2 observables, 1 intrusion sets (apt), 32 techniques (mitre), 1 malware, 1 others

Description

An in-depth analysis examined a threat actor utilizing to compromise a Latin American airline. The attacker gained initial network access via , exploiting a vulnerability in Veeam software, and subsequently exfiltrated critical data before deploying the payload the following day. The attack leveraged various legitimate tools and techniques, enabling reconnaissance, persistence, and widespread encryption of victim systems in a double-extortion scheme.

External references