FlagThis

CyberSecurity updates
Updated: 2024-11-22 04:11:34 Pacfic
do son @ Cybersecurity News
Akira Ransomware Continuously Evolving and Targeting Vulnerable Systems - 8h
Read more: securityonline.info

Akira ransomware, a prominent threat actor, is continuously evolving its tactics and targeting vulnerable systems, particularly network appliances. Their latest ransomware encryptor targets both Windows and Linux hosts. Akira affiliates have been exploiting vulnerabilities in SonicWall SonicOS, Cisco ASA/FTD, and FortiClientEMS for initial access, followed by credential harvesting, privilege escalation, and lateral movement. The group’s recent shift back to encryption methods, coupled with data theft extortion, emphasizes their focus on stability and efficiency in affiliate operations.

References:
  • Malware Analysis, News and Indicators - This article details the vulnerabilities exploited by Akira ransomware affiliates, including SonicWall SonicOS, Cisco ASA/FTD, and FortiClientEMS. - 10h
  • Cisco Talos Blog - Talos Intelligence delves into the evolving tactics, techniques, and procedures (TTPs) employed by Akira ransomware operators. - 10h
  • www.cisa.gov - Akira ransomware affiliates have been observed targeting network appliances vulnerable to CVE-2024-40766 - 9h
  • www.microsoft.com - This Microsoft blog post discusses the exploitation of ESXi hypervisor vulnerabilities by ransomware groups, which is a tactic also used by Akira. - 7h
  • nvd.nist.gov - Most recently, Akira ransomware affiliates have been observed targeting network appliances vulnerable to , an exploit in the SonicWall SonicOS facilitating remote code execution on the vulnerable devi - 40m
  • umbrella.cisco.com - Most recently, Akira ransomware affiliates have been observed targeting network appliances vulnerable to , an exploit in the SonicWall SonicOS facilitating remote code execution on the vulnerable devi - 40m
  • Vulnerability Archives - Securityonline article discussing Akira's exploitation of CVE-2024-40766. - 30d
  • @VirusBulletin - Cisco Talos researchers James Nutland & Michael Szeliga write about Akira ransomware evolution. Most recently, they have observed a potential shift back to previous encryption methods, in conjunction - 30d
  • ciso2ciso.com - Akira ransomware is encrypting victims again following pure extortion fling – Source: go.theregister.com - 30d
  • @jos1264 - Akira ransomware is encrypting victims again following pure extortion fling – Source: go.theregister.com - 30d
  • Arctic Wolf - Arctic Wolf Labs Observes Increased Fog and Akira Ransomware Activity Linked to SonicWall SSL VPN - 27d
  • Malware Analysis, News and Indicators - Arctic Wolf Labs Observes Increased Fog and Akira Ransomware Activity Linked to SonicWall SSL VPN - 27d

Classification:

This site is an experimental news aggregator using feeds I personally follow. You can reach me at Bluesky if you have feedback or comments.