Cinnamon Tempest
Cinnamon Tempest, DEV-0401, Emperor Dragonfly, BRONZE STARLIGHT
[Cinnamon Tempest](https://attack.mitre.org/groups/G1021) is a China-based threat group that has been active since at least 2021 deploying multiple strains of ransomware based on the leaked [Babuk](https://attack.mitre.org/software/S0638) source code. [Cinnamon Tempest](https://attack.mitre.org/groups/G1021) does not operate their ransomware on an affiliate model or purchase access but appears to act independently in all stages of the attack lifecycle. Based on victimology, the short lifespan of each ransomware variant, and use of malware attributed to government-sponsored threat groups, [Cinn...
Techniques: 19
Covered: 19
Gaps: 0
Coverage: 100% (19/19)
COVERED (19)
| Technique | Name | Detections |
|---|---|---|
| T1021.002 | SMB/Windows Admin Shares | 73 |
| T1047 | Windows Management Instrumentation | 87 |
| T1059.001 | PowerShell | 368 |
| T1059.003 | Windows Command Shell | 82 |
| T1059.006 | Python | 49 |
| T1078 | Valid Accounts | 280 |
| T1078.002 | Domain Accounts | 28 |
| T1080 | Taint Shared Content | 2 |
| T1090 | Proxy | 46 |
| T1105 | Ingress Tool Transfer | 183 |
| T1140 | Deobfuscate/Decode Files or Information | 58 |
| T1190 | Exploit Public-Facing Application | 216 |
| T1484.001 | Group Policy Modification | 19 |
| T1543.003 | Windows Service | 79 |
| T1567.002 | Exfiltration to Cloud Storage | 29 |
| T1572 | Protocol Tunneling | 56 |
| T1574.001 | DLL | 109 |
| T1588.002 | Tool | 13 |
| T1657 | Financial Theft | 14 |