Infiltrating the Cicada3301 Ransomware-as-a-Service Group
Essential information
- Published: 18/10/2024 10:45
- Modified: 18/10/2024 10:50
- Tags: 2024-10-18, affiliate, cicada3301, encryption, multi-platform, ransomware, sophisticated
- Related entities: 5 observables, 1 intrusion set (apt), 8 techniques (mitre), 1 malware, 2 others
Description
This analysis provides an in-depth look into the operations of the Cicada3301 Ransomware-as-a-Service (RaaS) group. It details the workflow of their affiliates within the panel and examines the multi-platform capabilities of their ransomware, encompassing Windows, Linux, ESXi, and even uncommon architectures like PowerPC. The group has swiftly targeted numerous organizations across critical sectors within just a few months, with a significant focus on the United States and the United Kingdom. Their sophisticated affiliate program recruits penetration testers and access brokers, offering commissions and a feature-rich web panel. The ransomware employs advanced encryption techniques and aggressive tactics to maximize disruption, making it a formidable threat.