← Back to Actors
Akira
AkiraGOLD SAHARAPUNK SPIDERHowling Scorpius
[Akira](https://attack.mitre.org/groups/G1024) is a ransomware variant and ransomware deployment entity active since at least March 2023.(Citation: Arctic Wolf Akira 2023) [Akira](https://attack.mitre.org/groups/G1024) uses compromised credentials to access single-factor external access mechanisms such as VPNs for initial access, then various publicly-available tools and techniques for lateral movement.(Citation: Arctic Wolf Akira 2023)(Citation: Secureworks GOLD SAHARA) [Akira](https://attack.mitre.org/groups/G1024) operations are associated with "double extortion" ransomware activity, where ...
17
Techniques
17
Covered
0
Gaps
100%
Coverage
Coverage17/17
COVERED (17)
T1018Remote System Discovery46 det.T1021.001Remote Desktop Protocol51 det.T1027.001Binary Padding3 det.T1036.005Match Legitimate Resource Name or Location44 det.T1059.001PowerShell338 det.T1078Valid Accounts252 det.T1133External Remote Services72 det.T1213.002Sharepoint4 det.T1219Remote Access Tools33 det.T1482Domain Trust Discovery38 det.T1486Data Encrypted for Impact339 det.T1531Account Access Removal27 det.T1558Steal or Forge Kerberos Tickets25 det.T1560.001Archive via Utility24 det.T1562.001Disable or Modify Tools300 det.T1567.002Exfiltration to Cloud Storage27 det.T1657Financial Theft12 det.