Octo Tempest

Threat Actor updated 22 days ago (2024-11-29T13:53:26.844Z)
Octo Tempest, also known as Scattered Spider or 0ktapus, is a notable threat actor group in the cybercrime landscape. The group, comprised of five individuals in their early 20s, has been linked to major data extortion campaigns against high-profile targets such as Caesars Entertainment and MGM, often collaborating with the notorious Black Cat/ALPHV ransomware group. Recently, Octo Tempest has added RansomHub and Qilin ransomware to its arsenal, further enhancing its capabilities and posing an increased threat to organizations worldwide. The group has demonstrated a rapid rise in the ransomware game, leveraging sophisticated techniques to launch attacks. It has exploited vulnerabilities such as CVE-2024-37085 to deploy ransomware strains such as Akira and Black Basta. Microsoft and other security vendors have identified Octo Tempest alongside other ransomware outfits like Storm-0506 (aka Black Basta), Manatee Tempest, and Storm-1175, who are also exploiting these vulnerabilities for mass encryption attacks. Microsoft's security researchers have reported that multiple financially motivated groups, including Octo Tempest, have already utilized this post-compromise technique in numerous attacks. This evolution of Octo Tempest into ransomware operations represents a significant shift in its tactics and showcases its adaptability. Given its proven ability to exploit vulnerabilities and collaborate with other notorious groups, Octo Tempest continues to pose a serious cybersecurity threat.
Description last updated: 2024-11-21T16:05:28.536Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
Scattered Spider is a possible alias for Octo Tempest. Scattered Spider, also known as Octo Tempest, 0ktapus, and UNC3944, is a notorious threat actor group involved in major data extortion campaigns. This cybercriminal group has been associated with high-profile attacks on organizations like Caesars Entertainment and MGM, often in collaboration with th | 5
UNC3944 is a possible alias for Octo Tempest. UNC3944, also known as Scattered Spider or 0ktapus, is a notable threat actor in the cybersecurity landscape. This group primarily targets telecommunication firms and tech companies, but has expanded its operations to hospitality, retail, media, and financial services sectors. The group's modus oper | 4
Qilin is a possible alias for Octo Tempest. Qilin, a threat actor known for its malicious activities in the cyberspace, has been on the rise with an increase in victim count by 44% reaching 140 in Q3. This group is part of the Octo Tempest group which recently added RansomHub and Qilin ransomware to its arsenal, enhancing its capabilities to | 2
Ransomhub is a possible alias for Octo Tempest. RansomHub, a threat actor in the realm of cybersecurity, has emerged as a significant player within the ransomware landscape. The group is known for its malicious activities, including data breaches and extortion attempts. It has been observed that RansomHub affiliates actively participate in campai | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Extortion
Phishing
Esxi
Cybercrime
Azure
Microsoft
Reconnaissance
Mongodb
RaaS
Windows
Linux
Sharepoint
AITM
Associated Threat Actors
Alias Description | Association Type | Votes
The Alphv Threat Actor is associated with Octo Tempest. Alphv, also known as BlackCat, is a threat actor group that has been linked to numerous cyberattacks, particularly targeting the healthcare sector. The group made headlines when it stole 5TB of data from Morrison Community Hospital, causing significant disruption and raising concerns about patient p | Unspecified | 4
The Manatee Tempest Threat Actor is associated with Octo Tempest. Manatee Tempest is a malicious threat actor known for its association with cyber attacks and ransomware operations. This group, identified by Microsoft security researchers, has been linked to numerous attacks involving the use of new post-compromise techniques. Alongside other threat actors such as | Unspecified | 2