Storm-1567Storm-1567

Also known as: Akira · PUNK SPIDER · GOLD SAHARA · Storm-1567

Known aliases
4

Profile

Storm-1567 is the threat actor behind the Ransomware-as-a-Service Akira. They attacked Swedish organizations in March 2023. This ransomware utilizes the ChaCha encryption algorithm, PowerShell, and Windows Management Instrumentation (WMI). Microsoft's Defender for Endpoint successfully blocked a large-scale hacking campaign carried out by Storm-1567, highlighting the effectiveness of their security solution.

Aliases· 4

AkiraPUNK SPIDERGOLD SAHARAStorm-1567

References

  1. https://news.sophos.com/en-us/2023/12/20/cryptoguard-an-asymmetric-approach-to-the-ransomware-battle/
  2. https://securelist.com/crimeware-report-fakesg-akira-amos/111483/
  3. https://www.trellix.com/en-us/about/newsroom/stories/research/akira-ransomware.html
  4. https://blog.sekoia.io/sekoia-io-mid-2023-ransomware-threat-landscape
  5. https://decoded.avast.io/threatresearch/avast-q2-2023-threat-report/

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
Storm-1167
Actor
Storm-1674
Actor
Storm-1575
Actor
Storm-0867
Actor
Storm-1133
Actor
Storm-1044
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.