Akira Ransomware Targets the LATAM Airline Industry

An in-depth analysis examined a threat actor utilizing Akira ransomware to compromise a Latin American airline. The attacker gained initial network access via SSH, exploiting a vulnerability in Veeam backup software, and subsequently exfiltrated critical data before deploying the ransomware payload the following day. The attack leveraged various legitimate tools and techniques, enabling reconnaissance, persistence, and widespread encryption of victim systems in a double-extortion scheme.

Author: AlienVault

Related Tags:
T1136.002, CVE-2023-27532, T1136.001, T1560.001, T1537, T1222.001, T1021.004, exfiltration, T1588.002

Associated Indicators:
77A243CB73F6BDD610EEB10786B752FB

77.247.126.158