{
  "name": "Akira Ransomware Targets the LATAM Airline Industry",
  "slug": "akira-ransomware-targets-the-latam-airline-industry",
  "description": "An in-depth analysis examined a threat actor utilizing Akira ransomware to compromise a Latin American airline. The attacker gained initial network access via SSH, exploiting a vulnerability in Veeam backup software, and subsequently exfiltrated critical data before deploying the ransomware payload the following day. The attack leveraged various legitimate tools and techniques, enabling reconnaissance, persistence, and widespread encryption of victim systems in a double-extortion scheme.",
  "published": "2024-07-16T07:53:58+00:00",
  "created_at": "2024-07-16T07:53:58+00:00",
  "modified_at": "2024-07-16T08:26:22+00:00",
  "created_at_opencti": "2024-07-16T07:53:58+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-07-16",
    "CVE-2023-27532",
    "akira",
    "backup",
    "exfiltration",
    "linux",
    "ransomware",
    "ssh"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "77.247.126.158"
      },
      {
        "id": "",
        "name": "9b42decb7ea825b939fc36ab924e0c80324e0a4eccb4c371eac60a8672af9603"
      }
    ],
    "malware": [
      {
        "id": "28206dae-800a-4dcc-9872-b7916a5f2b31",
        "name": "Akira",
        "slug": "akira"
      }
    ],
    "intrusion_sets": [
      {
        "id": "90c3fb7a-87cc-4e41-be7d-5adc11c6503f",
        "name": "Storm-1567",
        "slug": "storm-1567"
      }
    ],
    "attack_patterns": [
      {
        "id": "566a4023-1f45-4988-a451-e1564d7dfef4",
        "name": "T1136.002"
      },
      {
        "id": "39c253d6-7ca2-4312-9b24-c2a9660e70f7",
        "name": "T1222.001"
      },
      {
        "id": "5d2af906-6187-4702-ab9f-590fbe5b1ca3",
        "name": "T1021.002"
      },
      {
        "id": "f65930b0-5581-4f3d-a367-a86ac78f407b",
        "name": "T1021.004"
      },
      {
        "id": "6b5f1e68-aec7-4ea0-9777-62156da790a7",
        "name": "T1069"
      },
      {
        "id": "a6b6df0a-93c1-4ddf-8403-2bc47590f9fe",
        "name": "T1087.001"
      },
      {
        "id": "4f0fd880-1731-42a7-88ed-97bb3c1c1571",
        "name": "T1136.001"
      },
      {
        "id": "195d9773-4de3-4f61-b94d-a2b53cb65608",
        "name": "T1021.001"
      },
      {
        "id": "5a32ed20-a829-486a-a501-df0874217745",
        "name": "T1537"
      },
      {
        "id": "6a146066-5a78-493c-a26a-133b62c1149e",
        "name": "T1588.002"
      },
      {
        "id": "0ca071fb-4f52-4672-b64a-75deff57d874",
        "name": "T1048"
      },
      {
        "id": "ecaaa4cc-d487-4002-bcb2-f769acfcc38f",
        "name": "T1490"
      },
      {
        "id": "a15721d2-76b1-4869-bd1f-819afb6e368d",
        "name": "T1482"
      },
      {
        "id": "1584b551-72fb-4f60-ba7a-bdac106e6f9b",
        "name": "T1560.001"
      },
      {
        "id": "f6ceeba2-b50c-47dc-8642-ab9842ca76d7",
        "name": "T1018"
      },
      {
        "id": "8eae619f-9be9-4728-806c-f5b54e461d5d",
        "name": "T1531"
      },
      {
        "id": "16e4fc82-7c0b-4d1a-b784-b804b4df26dc",
        "name": "T1204.001"
      },
      {
        "id": "32b33067-6566-4b8d-be80-e96f765d84de",
        "name": "T1059.001"
      },
      {
        "id": "7364ca96-72bf-4b7f-afef-ce2583b1ed58",
        "name": "T1562.001"
      },
      {
        "id": "d9f271ed-7685-4362-b90d-f16a14102f39",
        "name": "T1489"
      },
      {
        "id": "f1bb7823-4f4b-4565-b472-bf0cfca467b1",
        "name": "T1486"
      },
      {
        "id": "dc17cbbd-40d8-43cf-b3cf-50d1276db2c7",
        "name": "T1016"
      },
      {
        "id": "cbd87c8c-3bed-461a-acef-56ffc8b87571",
        "name": "T1105"
      },
      {
        "id": "45082a8e-9c79-470e-ad1b-decac7188e8f",
        "name": "T1083"
      },
      {
        "id": "4cb4ee3b-b78f-45cf-bcaa-45a2aa968e56",
        "name": "T1570"
      },
      {
        "id": "67c697ce-a6cc-475f-9bee-e14c1bef7067",
        "name": "T1047"
      },
      {
        "id": "c12e0e03-aab0-4646-a929-e921a3d27f02",
        "name": "T1219"
      },
      {
        "id": "41ad5d62-aa6a-47d6-a9a9-fb2209601099",
        "name": "T1098"
      },
      {
        "id": "09124a92-c11f-4571-b35b-ab0bce6dd081",
        "name": "T1112"
      },
      {
        "id": "6c8f8a40-2746-4a37-86bd-81e82afa6e62",
        "name": "T1190"
      },
      {
        "id": "b9eab970-53dd-4977-9a26-c4fe566e422d",
        "name": "T1133"
      },
      {
        "id": "9f11a241-9abc-4c57-95dd-33955ab08826",
        "name": "T1078"
      }
    ],
    "vulnerabilities": [
      {
        "id": "",
        "name": "CVE-2023-27532"
      },
      {
        "id": "",
        "name": "CVE-2023-20269"
      },
      {
        "id": "",
        "name": "CVE-2020-3259"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Transportation"
      }
    ]
  },
  "external_refs": [
    "https://blogs.blackberry.com/en/2024/07/akira-ransomware-targets-the-latam-airline-industry",
    "https://otx.alienvault.com/pulse/66964336d4e619f1923fbe7f"
  ]
}