CISA and Partners Release Advisory Update on Akira Ransomware | CISA

The Cybersecurity and Infrastructure Security Agency (CISA) and partners released an updated advisory on Akira ransomware, highlighting new tactics, techniques, and indicators of compromise. The threat actors continue to target various sectors, exploiting vulnerabilities in edge devices and backup servers and using advanced evasion and lateral movement strategies. #AkiraRansomware #Storm1567 #VulnerabilityExploitation

Key points

  • Threat actors exploit vulnerabilities in edge devices and backup servers to gain initial access.
  • They use command line tools for network and domain discovery within targeted networks.
  • Attackers employ remote management tools and manipulate firewall settings to evade detection.
  • Malware such as POORTRY, SystemBC, and STONETOP facilitates privilege escalation, lateral movement, and payload deployment.
  • The new Akira_v2 ransomware accelerates system encryption and impairs recovery efforts.

Read More: https://www.cisa.gov/news-events/alerts/2025/11/13/cisa-and-partners-release-advisory-update-akira-ransomware