Octo Tempest

Threat Actor updated 10 days ago (2024-08-28T22:18:14.083Z)
Octo Tempest is a financially motivated threat actor that Microsoft tracks under that name and that other vendors report as Scattered Spider and UNC3944 (see the alias cluster below). The group has recently added the RansomHub and Qilin ransomware families to its arsenal, an expansion that marks a clear escalation toward more damaging, extortion-driven intrusions; the change has been reported by multiple security vendors, Microsoft among them.

Beyond the new payloads, Microsoft has identified Octo Tempest as one of several groups exploiting CVE-2024-37085, a vulnerability in VMware ESXi, to deploy ransomware strains such as Akira and Black Basta. Microsoft's researchers describe this as a new post-compromise technique: the bug is not the initial entry point but is used once the operator already has access to the environment, letting them reach the hypervisor and encrypt the virtual machines it hosts. Other groups observed using it include Storm-0506, which deploys Black Basta, and Storm-1175.

The increasing sophistication and frequency of attacks by Octo Tempest and similar groups pose a significant threat. Microsoft reports that these financially motivated groups have already leveraged the vulnerability successfully, which makes timely patching of exposed ESXi hosts and robust defenses around the hypervisor an urgent priority. As Octo Tempest continues to evolve and adapt its techniques, vigilance and proactive measures remain critical to mitigating the risk it poses.
Description last updated: 2024-08-28T22:15:59.715Z
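As an added example, not taken from this page or from any of the vendors it cites, the Python script below shows the two checks a defender would run for the CVE-2024-37085 abuse described above: hunting the domain controller's Security log for the privileged ESXi group being created, renamed or populated, and auditing each ESXi host's advanced settings for the default that makes the bug exploitable. The mechanism of the bug (a default-trusted Active Directory group named "ESX Admins"), the Windows event IDs and the ESXi setting names come from the public VMware advisory and Microsoft's write-up, not from this page; the event records and host settings are constructed sample data, and the field names assume SIEM-normalized Windows Security events.

```python
"""Two checks around CVE-2024-37085 (VMware ESXi Active Directory integration).

Background (from the VMware/Broadcom advisory and Microsoft's write-up, not
from the page this example accompanies): an AD-joined ESXi host grants full
administrative access to members of a domain group named "ESX Admins" by
default, without verifying that the group existed when the host was joined.
An operator who already holds rights to create or rename domain groups can
therefore mint that group, add an account, and log in to every ESXi host in
the domain. Two places to look:

  1. the domain controller, for a group created or renamed to "ESX Admins"
     and for members being added to it;
  2. each ESXi host, for the advanced settings that leave the default in place.
"""
import re

# Windows Security event IDs (security-enabled groups):
#   created: 4727 global, 4731 local, 4754 universal
#   changed: 4737 global, 4735 local, 4755 universal (a rename logs here)
#   member added: 4728 global, 4732 local, 4756 universal
GROUP_CREATED = {4727, 4731, 4754}
GROUP_CHANGED = {4735, 4737, 4755}
MEMBER_ADDED = {4728, 4732, 4756}
WATCHED = GROUP_CREATED | GROUP_CHANGED | MEMBER_ADDED

# Default group name ESXi resolves; matched case- and whitespace-insensitively
# so that cosmetic variations of the name are not missed.
ESX_ADMINS = "esx admins"


def normalize(name: str) -> str:
    """Collapse case and internal whitespace so 'ESX  Admins' still matches."""
    return re.sub(r"\s+", " ", name.strip()).lower()


def find_esx_admins_activity(events):
    """Return one finding per watched event whose target group is 'ESX Admins'.

    `events` are dicts using the field names a SIEM keeps from the Security
    log: EventID, TargetUserName (the group), SubjectUserName (who acted),
    MemberName (on membership changes). This is an assumed normalization.
    """
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        if eid not in WATCHED:
            continue
        if normalize(ev.get("TargetUserName", "")) != ESX_ADMINS:
            continue
        if eid in GROUP_CREATED:
            kind = "group_created"
        elif eid in GROUP_CHANGED:
            kind = "group_changed"
        else:
            kind = "member_added"
        findings.append({
            "kind": kind,
            "event_id": eid,
            "actor": ev.get("SubjectUserName"),
            "member": ev.get("MemberName"),
        })
    return findings


# Host side: the two advanced settings that control this behaviour (names per
# VMware's advanced-settings documentation). Values are assumed to arrive as
# the strings that esxcli / PowerCLI return.
AUTO_ADD = "Config.HostAgent.plugins.hostsvc.esxAdminsGroupAutoAdd"
GROUP_NAME = "Config.HostAgent.plugins.hostsvc.esxAdminsGroup"


def esxi_host_issues(settings):
    """Return the list of weaknesses in a host's advanced settings (empty = ok)."""
    issues = []
    if str(settings.get(AUTO_ADD, "true")).lower() != "false":
        issues.append("esxAdminsGroupAutoAdd is true: any AD group named 'ESX Admins' gets admin")
    if normalize(str(settings.get(GROUP_NAME, "ESX Admins"))) == ESX_ADMINS:
        issues.append("esxAdminsGroup still has the default name 'ESX Admins'")
    return issues


# Constructed sample data (not real logs or hosts).
SAMPLE_EVENTS = [
    {"EventID": 4727, "TargetUserName": "Helpdesk", "SubjectUserName": "j.doe"},
    {"EventID": 4727, "TargetUserName": "ESX Admins", "SubjectUserName": "svc-backup"},
    {"EventID": 4737, "TargetUserName": "esx  admins", "SubjectUserName": "svc-backup"},
    {"EventID": 4728, "TargetUserName": "ESX Admins", "SubjectUserName": "svc-backup",
     "MemberName": "CN=svc-backup,CN=Users,DC=corp,DC=example"},
    {"EventID": 4728, "TargetUserName": "Domain Users", "SubjectUserName": "j.doe",
     "MemberName": "CN=new.hire,CN=Users,DC=corp,DC=example"},
    {"EventID": 4624, "TargetUserName": "ESX Admins"},  # a logon, not a group change
]
UNHARDENED_HOST = {AUTO_ADD: "true", GROUP_NAME: "ESX Admins"}
HARDENED_HOST = {AUTO_ADD: "false", GROUP_NAME: "vSphere-Hypervisor-Admins"}

if __name__ == "__main__":
    for f in find_esx_admins_activity(SAMPLE_EVENTS):
        tail = f" -> {f['member']}" if f["member"] else ""
        print(f"{f['kind']:14} event {f['event_id']} by {f['actor']}{tail}")
    print("unhardened host:", esxi_host_issues(UNHARDENED_HOST))
    print("hardened host:", esxi_host_issues(HARDENED_HOST))
```

Run against the constructed sample the hunt reports three events, all by the same account: the group being created, a rename to the same name with odd spacing, and a member being added; the benign helpdesk group, the Domain Users change and the logon event are ignored. The host check flags both defaults on the unhardened host and nothing on the hardened one; patching ESXi is still the actual fix, these settings are the compensating control for hosts that cannot be updated immediately.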
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Profile (votes): description

Scattered Spider (4 votes): Scattered Spider is a threat actor group known for its malicious cyber activities. The group's operations involve searching SharePoint repositories for sensitive information, maintaining persistence on targeted networks, and exfiltrating data for extortion purposes. They primarily gain access to vic

UNC3944 (3 votes): UNC3944, also known as Scattered Spider and 0ktapus, is a financially motivated threat actor group that has been increasingly active in recent years. The group initially targeted telecommunication firms and tech companies but has now expanded its operations to include the hospitality, retail, media,

Qilin (2 votes): The Qilin ransomware group, a malicious threat actor in the cybersecurity landscape, has been active since at least 2022 and gained significant attention in June 2024 for attacking Synnovis, a UK governmental service provider for healthcare. The group was later associated with Octo Tempest, which ad

RansomHub (2 votes): RansomHub, a threat actor group, has emerged as a significant cyber threat since its inception in February. The group employs a double-extortion strategy, which involves both encrypting IT systems and exfiltrating data to extort victims. RansomHub is known for its unique approach to ransom demands,
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Phishing
Microsoft
Extortion
Reconnaissance
ESXi
Cybercrime
Azure
MongoDB
RaaS
Windows
Linux
SharePoint
AiTM
Associated Threat Actors
Profile (type, votes): description

Alphv (type unspecified, 4 votes): Alphv is a threat actor group known for its malicious activities in the cyber world. They have been particularly active in deploying ransomware attacks, with one of their most significant actions being the theft of 5TB of data from Morrison Community Hospital. This act not only disrupted hospital op
Source Document References
Information about the Octo Tempest threat actor was read from the documents corpus below. This display is limited to 20 results.
Source, created, title

DARKReading, 10 days ago: BlackByte Targets ESXi Bug With Ransomware to Access Virtual Assets
Securityaffairs, a month ago: Security Affairs Malware Newsletter - Round 6
Securityaffairs, a month ago: Security Affairs Malware Newsletter - Round 5
Securityaffairs, a month ago: +20,000 internet-exposed VMware ESXi instances vulnerable to CVE-2024-37085
DARKReading, a month ago: Ransomware Gangs Exploit ESXi Bug for Instant, Mass Encryption of VMs
Securityaffairs, a month ago: Ransomware gangs exploit VMware ESXi bug CVE-2024-37085
Securityaffairs, a month ago: CISA adds VMware ESXi bug to its Known Exploited Vulnerabilities catalog
Securityaffairs, 2 months ago: Security Affairs Malware Newsletter - Round 3
Securityaffairs, 2 months ago: Security Affairs newsletter Round 481 by Pierluigi Paganini - INTERNATIONAL EDITION
Securityaffairs, 2 months ago: Octo Tempest group adds RansomHub and Qilin ransomware to its arsenal
DARKReading, 2 months ago: Microsoft: Scattered Spider Widens Web With RansomHub & Qilin
DARKReading, 6 months ago: The Rise of Social Engineering Fraud in Business Email Compromise
DARKReading, 9 months ago: Millions of Microsoft Accounts Power Lattice of Automated Cyberattacks
CERT-EU, 9 months ago: Protecting credentials against social engineering: Cyberattack Series | Microsoft Security Blog
CERT-EU, 10 months ago: Meet Octo Tempest, 'Most Dangerous Financial' Hackers
BankInfoSecurity, 10 months ago: Meet Octo Tempest, 'Most Dangerous Financial' Hackers
DARKReading, 9 months ago: Scattered Spider Casino Hackers Evade Arrest in Plain Sight
CERT-EU, 9 months ago: FBI and CISA warn against Scattered Spider triggered cyber attacks - Cybersecurity Insiders