← Back to Actors
Cinnamon Tempest
Cinnamon TempestDEV-0401Emperor DragonflyBRONZE STARLIGHT
[Cinnamon Tempest](https://attack.mitre.org/groups/G1021) is a China-based threat group that has been active since at least 2021 deploying multiple strains of ransomware based on the leaked [Babuk](https://attack.mitre.org/software/S0638) source code. [Cinnamon Tempest](https://attack.mitre.org/groups/G1021) does not operate their ransomware on an affiliate model or purchase access but appears to act independently in all stages of the attack lifecycle. Based on victimology, the short lifespan of each ransomware variant, and use of malware attributed to government-sponsored threat groups, [Cinn...
19
Techniques
19
Covered
0
Gaps
100%
Coverage
Coverage19/19
COVERED (19)
T1021.002SMB/Windows Admin Shares74 det.T1047Windows Management Instrumentation88 det.T1059.001PowerShell372 det.T1059.003Windows Command Shell83 det.T1059.006Python51 det.T1078Valid Accounts297 det.T1078.002Domain Accounts28 det.T1080Taint Shared Content2 det.T1090Proxy48 det.T1105Ingress Tool Transfer184 det.T1140Deobfuscate/Decode Files or Information58 det.T1190Exploit Public-Facing Application227 det.T1484.001Group Policy Modification19 det.T1543.003Windows Service79 det.T1567.002Exfiltration to Cloud Storage31 det.T1572Protocol Tunneling59 det.T1574.001DLL111 det.T1588.002Tool13 det.T1657Financial Theft15 det.