“Trending & Emerging Threats” Threat Profile, Akira Ransomware, BlueAlpha/Gamaredon Group, Termite Ransomware
Threat Content Highlights
Threat Profile
- We released the first edition of a new, regularly updated, Tidal-curated “Trending & Emerging Threats” Threat Profile, available in all client tenants. The profile highlights a key new or re-surfacing threat that we expect to be relevant and significant to most organizations, based on our continual landscape monitoring and analysis.
- The profile also showcases Tidal-recommended profiling & weighting best practices – most updates will feature a primary subject threat (usually a Group or Campaign), as well as associated Software (Tools/Malware), all curated & weighted by Tidal according to assessed relative relevance.
- Our first spotlight is on Akira Ransomware. While Akira has consistently claimed a considerable number of victims across a wide range of sectors & geographies since early 2023, last month saw the group claim an unusually large number of victims (135). Cisco Talos researchers recently highlighted how the group's attack methods are believed to be shifting back towards Windows- and Linux-focused encryptors, and so the curated profile emphasizes two relevant ransomware objects (including a newly added Software object for the Linux/ESXi version of the Akira encryptor).
Threat Objects
- New Campaign covering recently reported activity where Russia-state-sponsored espionage actors BlueAlpha/Gamaredon Group used the freely available “TryCloudflare” service to conceal malicious traffic by proxying it via the Cloudflare network.
- Added Termite Ransomware, a threat newly linked to a notable supply chain attack that disrupted multiple prominent retail brands (Termite actors also recently claimed several other victims).