Pistachio Tempest

Threat Actor updated a month ago (2024-11-29T14:12:07.822Z)
Download STIX
Preview STIX
Pistachio Tempest, also known as FIN12, is a threat actor that has been identified as a significant cybersecurity risk, particularly to the healthcare industry. According to a report by the U.S. Department of Health and Human Services (HHS) in 2022, this group has specifically targeted healthcare entities, deploying a combination of SystemBC and CS Beacon to orchestrate ransomware attacks. The unusual naming conventions for such groups are typical within the cybersecurity sector, with little standardization across the industry. Data from multiple incidents analyzed by cybersecurity firm Kaspersky indicate that Pistachio Tempest is likely a Russian-speaking Ransomware-as-a-Service (RaaS) cybercrime group. This group's focus on the healthcare industry is consistent with the HHS report, further emphasizing their use of SystemBC alongside CS Beacon to carry out ransomware attacks. The attribution of these attacks to Pistachio Tempest has been supported by specific indicators observed during these incidents. Despite the challenges in definitively attributing these attacks, there is substantial evidence pointing towards the involvement of Pistachio Tempest or FIN12. Their frequent deployment of SystemBC in conjunction with Cobalt Strike in 2022 underlines their persistent threat to the healthcare industry. As a result, organizations within this sector should be particularly vigilant in enhancing their cybersecurity measures to mitigate potential threats from this group.
Description last updated: 2023-10-09T11:19:22.955Z
What's your take? (Question 1 of 3)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
FIN12 is a possible alias for Pistachio Tempest. FIN12, also known as DEV-0237 and Pistachio Tempest, is a threat actor group notorious for its malicious cyber activities. Tracked by Microsoft, this group is primarily engaged in the distribution of Hive, Conti, and Ryuk ransomware. The group has been responsible for several high-profile ransomware
3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Beacon
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Systembc Malware is associated with Pistachio Tempest. SystemBC is a type of malware, or malicious software, known for its disruptive and exploitative nature. It infiltrates systems through dubious downloads, emails, or websites, often unbeknownst to the user. Once embedded, it can steal personal information, interrupt operations, or hold data hostage fUnspecified
2
Source Document References
Information about the Pistachio Tempest Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more