Cicada

Cicada, also known as Cicada 3301, is a sophisticated threat actor that has been associated with multiple cyber attacks and online puzzles. This group has demonstrated advanced capabilities in terms of techniques and resources, making it a significant concern for cybersecurity professionals. The group's use of DLL side-loading, living-off-the-land tools, and custom DLL loaders to decrypt and execute its final payload underlines its technical prowess and highlights the need for robust security measures to detect and counter such threats. Its final payload often includes QuasarRAT, an open-source backdoor that has been used by Cicada in previous attacks. On August 30, 2024, a sample of Cicada's ESXi Ransomware was discovered and analyzed. This ransomware showcases unique features not seen before in other similar malicious software, indicating Cicada's continuous evolution and increasing threat level. It has been compared to the BlackCat ransomware-as-a-service (RaaS), another substantial cyber threat that has attracted law enforcement attention. However, according to Michael Gorelik, CTO of Morphisec, Cicada can be considered even more advanced than BlackCat. Cicada's activities have shown clear links to at least two victim organizations, confirming its continued involvement in cyber attacks. The group's ability to carry out extensive campaigns suggests access to considerable resources and skills, maintaining its status as a highly dangerous entity. As such, it is crucial for organizations to implement comprehensive security solutions to detect suspicious activity and prevent potential attacks from actors like Cicada.