Cinnamon Tempest
Cinnamon Tempest, DEV-0401, Emperor Dragonfly, BRONZE STARLIGHT
[Cinnamon Tempest](https://attack.mitre.org/groups/G1021) is a China-based threat group that has been active since at least 2021 deploying multiple strains of ransomware based on the leaked [Babuk](https://attack.mitre.org/software/S0638) source code. [Cinnamon Tempest](https://attack.mitre.org/groups/G1021) does not operate their ransomware on an affiliate model or purchase access but appears to act independently in all stages of the attack lifecycle. Based on victimology, the short lifespan of each ransomware variant, and use of malware attributed to government-sponsored threat groups, [Cinn...
Techniques: 19 | Covered: 19 | Gaps: 0 | Coverage: 100% (19/19)
COVERED (19)
| ID | Technique | Det. |
| --- | --- | --- |
| T1021.002 | SMB/Windows Admin Shares | 67 |
| T1047 | Windows Management Instrumentation | 85 |
| T1059.001 | PowerShell | 338 |
| T1059.003 | Windows Command Shell | 79 |
| T1059.006 | Python | 43 |
| T1078 | Valid Accounts | 252 |
| T1078.002 | Domain Accounts | 26 |
| T1080 | Taint Shared Content | 2 |
| T1090 | Proxy | 44 |
| T1105 | Ingress Tool Transfer | 170 |
| T1140 | Deobfuscate/Decode Files or Information | 55 |
| T1190 | Exploit Public-Facing Application | 208 |
| T1484.001 | Group Policy Modification | 18 |
| T1543.003 | Windows Service | 79 |
| T1567.002 | Exfiltration to Cloud Storage | 27 |
| T1572 | Protocol Tunneling | 51 |
| T1574.001 | DLL | 106 |
| T1588.002 | Tool | 13 |
| T1657 | Financial Theft | 12 |