Akira

AkiraGOLD SAHARAPUNK SPIDERHowling Scorpius

[Akira](https://attack.mitre.org/groups/G1024) is a ransomware variant and ransomware deployment entity active since at least March 2023.(Citation: Arctic Wolf Akira 2023) [Akira](https://attack.mitre.org/groups/G1024) uses compromised credentials to access single-factor external access mechanisms such as VPNs for initial access, then various publicly-available tools and techniques for lateral movement.(Citation: Arctic Wolf Akira 2023)(Citation: Secureworks GOLD SAHARA) [Akira](https://attack.mitre.org/groups/G1024) operations are associated with "double extortion" ransomware activity, where ...

Techniques

Covered

Gaps

100%

Coverage

Coverage18/18

COVERED (18)

T1018Remote System Discovery50 det.T1021.001Remote Desktop Protocol53 det.T1027.001Binary Padding3 det.T1036.005Match Legitimate Resource Name or Location44 det.T1059.001PowerShell368 det.T1078Valid Accounts280 det.T1133External Remote Services72 det.T1213.002Sharepoint4 det.T1219Remote Access Tools40 det.T1482Domain Trust Discovery41 det.T1486Data Encrypted for Impact360 det.T1531Account Access Removal27 det.T1558Steal or Forge Kerberos Tickets28 det.T1560.001Archive via Utility26 det.T1562.001Disable or Modify Tools311 det.T1567.002Exfiltration to Cloud Storage29 det.T1657Financial Theft14 det.T1685Disable or Modify Tools278 det.