Trusted Design

Akira

アクターID: G1024

· MITRE Pageへのリンク

脅威アクターの詳細

Akira is a ransomware variant and ransomware deployment entity active since at least March 2023.(Citation: Arctic Wolf Akira 2023) Akira uses compromised credentials to access single-factor external access mechanisms such as VPNs for initial access, then various publicly-available tools and techniques for lateral movement.(Citation: Arctic Wolf Akira 2023)(Citation: Secureworks GOLD SAHARA) Akira operations are associated with "double extortion" ransomware activity, where data is exfiltrated from victim environments prior to encryption, with threats to publish files if a ransom is not paid. Technical analysis of Akira ransomware indicates variants capable of targeting Windows or VMWare ESXi hypervisors and multiple overlaps with Conti ransomware.(Citation: BushidoToken Akira 2023)(Citation: CISA Akira Ransomware APR 2024)(Citation: Cisco Akira Ransomware OCT 2024)

脅威アクターの別名・別称

Akira
GOLD SAHARA
PUNK SPIDER
Howling Scorpius

利用した攻撃手法

関連するCVE (攻撃手法に関連)

Actor – Pulse グラフ

← 脅威アクター一覧に戻る