[threat-actors] Add Storm-1567

2024-11-22 23:07:19 +00:00 · 2024-02-01 11:02:05 -08:00 · 2024-02-01 11:02:05 -08:00 · 7607dc70cf
commit 7607dc70cf
parent eb8db810c0
1 changed files with 17 additions and 0 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -14662,6 +14662,23 @@
      },
      "uuid": "e18dca82-0524-4338-9a66-e13e67c81ac4",
      "value": "Storm-1152"
+    },
+    {
+      "description": "Storm-1567 is the threat actor behind the Ransomware-as-a-Service Akira. They attacked Swedish organizations in March 2023. This ransomware utilizes the ChaCha encryption algorithm, PowerShell, and Windows Management Instrumentation (WMI). Microsoft's Defender for Endpoint successfully blocked a large-scale hacking campaign carried out by Storm-1567, highlighting the effectiveness of their security solution.",
+      "meta": {
+        "refs": [
+          "https://news.sophos.com/en-us/2023/12/20/cryptoguard-an-asymmetric-approach-to-the-ransomware-battle/",
+          "https://securelist.com/crimeware-report-fakesg-akira-amos/111483/",
+          "https://www.trellix.com/en-us/about/newsroom/stories/research/akira-ransomware.html",
+          "https://blog.sekoia.io/sekoia-io-mid-2023-ransomware-threat-landscape",
+          "https://decoded.avast.io/threatresearch/avast-q2-2023-threat-report/"
+        ],
+        "synonyms": [
+          "Akira"
+        ]
+      },
+      "uuid": "3a912680-6f38-4fe7-9941-744f0e2280b3",
+      "value": "Storm-1567"
    }
  ],
  "version": 298