Malware

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

The Akira ransomware gang targets Cisco VPN products to gain initial access to corporate networks and steal their data.

The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. Like other ransomware gangs, the group has developed a Linux encryptor to target VMware ESXi servers.

The group now is targeting Cisco VPN products to gain initial access to corporate networks.

Sophos researchers observed in May the threat actor using compromised Cisco VPN accounts to breach target networks.

Bleeping Computer reported that information shared by the incident responder that goes as ‘Aura’ on Twitter. Aura confirmed that threat actors targeted organizations using CISCO VPN appliances without MFA enabled.

BleepingComputer also reported that SentinelOne is investigating the possibility that the Akira ransomware group is exploiting an unknown vulnerability in the Cisco VPN software. The experts speculate that this issue might allow threat actors to bypass authentication in the absence of MFA and that the group launched an ongoing campaign against Cisco VPN appliances.

SentinelOne researchers also observed Akira operators using the legitimate RustDesk open-source remote access tool to maintain access to compromised networks.

In June, cybersecurity firm Avast released a free decryptor for the Akira ransomware that can allow victims to recover their data without paying the ransom.

The threat actors responded by patching their encryptors, making it impossible for victims use them to recover data encrypted by newer versions.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Akira ransomware)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Keytronic confirms data breach after ransomware attack

Printed circuit board assembly (PCBA) manufacturer Keytronic disclosed a data breach after a ransomware attack.…

1 hour ago

The Financial Dynamics Behind Ransomware Attacks

Over the last few years, ransomware attacks have become one of the most prevalent and…

3 hours ago

Empire Market owners charged with operating $430M dark web marketplace

Federal authorities charged two individuals with operating the dark web marketplace Empire Market that facilitated…

12 hours ago

China-linked Velvet Ant uses F5 BIG-IP malware in cyber espionage campaign

Chinese cyberespionage group Velvet Ant was spotted using custom malware to target F5 BIG-IP appliances…

15 hours ago

LA County’s Department of Public Health (DPH) data breach impacted over 200,000 individuals

The County of Los Angeles’ Department of Public Health (DPH) disclosed a data breach that…

21 hours ago

Spanish police arrested an alleged member of the Scattered Spider group

A joint law enforcement operation led to the arrest of a key member of the…

23 hours ago

This website uses cookies.