← Back to Actors
Akira
AkiraGOLD SAHARAPUNK SPIDERHowling Scorpius
[Akira](https://attack.mitre.org/groups/G1024) is a ransomware variant and ransomware deployment entity active since at least March 2023.(Citation: Arctic Wolf Akira 2023) [Akira](https://attack.mitre.org/groups/G1024) uses compromised credentials to access single-factor external access mechanisms such as VPNs for initial access, then various publicly-available tools and techniques for lateral movement.(Citation: Arctic Wolf Akira 2023)(Citation: Secureworks GOLD SAHARA) [Akira](https://attack.mitre.org/groups/G1024) operations are associated with "double extortion" ransomware activity, where ...
18
Techniques
18
Covered
0
Gaps
100%
Coverage
Coverage18/18
COVERED (18)
T1018Remote System Discovery51 det.T1021.001Remote Desktop Protocol53 det.T1027.001Binary Padding3 det.T1036.005Match Legitimate Resource Name or Location45 det.T1059.001PowerShell372 det.T1078Valid Accounts297 det.T1133External Remote Services74 det.T1213.002Sharepoint4 det.T1219Remote Access Tools42 det.T1482Domain Trust Discovery41 det.T1486Data Encrypted for Impact374 det.T1531Account Access Removal27 det.T1558Steal or Forge Kerberos Tickets28 det.T1560.001Archive via Utility26 det.T1562.001Disable or Modify Tools316 det.T1567.002Exfiltration to Cloud Storage31 det.T1657Financial Theft15 det.T1685Disable or Modify Tools279 det.