Cicada3301

Threat Actor updated 22 days ago (2024-11-29T14:50:53.521Z)
Download STIX
Preview STIX
Cicada3301, named after an online cryptography game, is a new threat actor in the cybersecurity landscape. This entity is responsible for distributing a ransomware variant also known as Cicada3301. The group primarily targets VMware ESXi environments with the intention of shutting down virtual machines (VMs), deleting snapshots, and encrypting data. The first data leak site post attributed to this group was detected on June 25, with an invitation extended to potential affiliates to join their platform on the cybercrime forum Ramp four days later. There's speculation about a possible connection between Cicada3301, ALPHV, and another entity called Repellent Scorpius, especially considering the latter's emergence after the shutdown of ALPHV's Ransomware-as-a-Service (RaaS) operation in March. Repellent Scorpius has emerged as a new threat group that distributes the Cicada3301 ransomware. This group operates as a Ransomware-as-a-Service (RaaS) entity, contributing to the distribution and evolution of the Cicada3301 ransomware. Despite the original owners of the Cicada3301 game distancing themselves from this new RaaS group, there's ongoing debate among cybersecurity researchers about potential links between these entities. Some suggest that the source code for the ransomware could have been purchased by a separate group following the shutdown of the original RaaS operation. In response to the Cicada3301 threat, cybersecurity solutions like Cortex XDR and Prisma Cloud have developed detection and prevention measures. Cortex XDR can detect and prevent the Cicada3301 ransomware, while Prisma Cloud can identify known Cicada3301 ransomware binaries executed within cloud environments through the Cloud Security Agent (CSA). However, given the novelty of the Cicada3301 ransomware, it's expected that its tactics, techniques, and procedures (TTPs) will evolve over time, necessitating ongoing vigilance and adaptation from cybersecurity defenses.
Description last updated: 2024-10-17T12:11:12.650Z
What's your take? (Question 1 of 4)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Alphv is a possible alias for Cicada3301. Alphv, also known as BlackCat, is a threat actor group that has been linked to numerous cyberattacks, particularly targeting the healthcare sector. The group made headlines when it stole 5TB of data from Morrison Community Hospital, causing significant disruption and raising concerns about patient p
4
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
RaaS
Cybercrime
Encryption
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Cicada3301 Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more