Akira_v2

Malware updated 5 months ago (2024-05-05T11:17:32.141Z)
Download STIX
Preview STIX
Akira_v2 is a variant of the Akira malware, identified and confirmed by trusted third-party investigations. The Akira threat actors were initially observed deploying the Windows-specific "Megazord" ransomware, with further analysis revealing that a second payload, later identified as Akira_v2, was concurrently deployed in the attack. This novel variant of the Akira ESXi encryptor is part of a broader malicious software landscape designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. The Akira threat actors have shown a persistent pattern of employing both Megazord and Akira, including the Akira_v2 variant, interchangeably. They have continued to use these two forms of malware, demonstrating a sophisticated understanding of multiple operating systems and their vulnerabilities. This dual deployment strategy allows them to maximize the potential damage and disruption caused by their attacks, making them a significant cybersecurity concern. In August 2023, the Akira threat actors evolved from primarily targeting Windows systems to focusing on Linux, specifically VMware ESXi virtual machines. They began deploying Megazord, a Rust-based code, alongside Akira, which is written in C++, including the Akira_v2 variant, also based on Rust. This shift signifies an expansion in their capabilities and target range, increasing the potential risk for a wider variety of systems and networks.
Description last updated: 2024-05-05T10:20:03.239Z
What's your take? (Question 1 of 1)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Akira is a possible alias for Akira_v2. Akira is a malicious software known for its persistent and damaging attacks on various systems. This ransomware has been active since at least 2023, as reported by Sophos, and it operates by infiltrating systems often through suspicious downloads, emails, or websites, encrypting data, and demanding
2
Megazord is a possible alias for Akira_v2. Megazord is a new variant of the Akira ransomware, first observed in deployment by Akira threat actors around August 2023. Initially focusing on Windows systems, the malware evolved to target Linux VMware ESXi virtual machines. Early versions of Akira were written in C++, encrypting files with an .a
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Akira_v2 Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more