Cicada

Threat Actor updated a month ago (2024-09-10T13:17:51.060Z)
Cicada, also known as Cicada 3301, is a sophisticated threat actor that has been associated with multiple cyber attacks and online puzzles. This group has demonstrated advanced capabilities in terms of techniques and resources, making it a significant concern for cybersecurity professionals. The group's use of DLL side-loading, living-off-the-land tools, and custom DLL loaders to decrypt and execute its final payload underlines its technical prowess and highlights the need for robust security measures to detect and counter such threats. Its final payload often includes QuasarRAT, an open-source backdoor that has been used by Cicada in previous attacks.

On August 30, 2024, a sample of Cicada's ESXi Ransomware was discovered and analyzed. This ransomware showcases unique features not seen before in other similar malicious software, indicating Cicada's continuous evolution and increasing threat level. It has been compared to the BlackCat ransomware-as-a-service (RaaS), another substantial cyber threat that has attracted law enforcement attention. However, according to Michael Gorelik, CTO of Morphisec, Cicada can be considered even more advanced than BlackCat.

Cicada's activities have shown clear links to at least two victim organizations, confirming its continued involvement in cyber attacks. The group's ability to carry out extensive campaigns suggests access to considerable resources and skills, maintaining its status as a highly dangerous entity. As such, it is crucial for organizations to implement comprehensive security solutions to detect suspicious activity and prevent potential attacks from actors like Cicada.
Description last updated: 2024-09-10T13:17:27.257Z
Aliases
We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Source Document References
Information about the Cicada Threat Actor was read from the documents corpus below.