SYMBOLCOMMON_NAMEaka. SYNONYMS

Storm-1567  (Back to overview)

aka: Akira, GOLD SAHARA, PUNK SPIDER

Storm-1567 is the threat actor behind the Ransomware-as-a-Service Akira. They attacked Swedish organizations in March 2023. This ransomware utilizes the ChaCha encryption algorithm, PowerShell, and Windows Management Instrumentation (WMI). Microsoft's Defender for Endpoint successfully blocked a large-scale hacking campaign carried out by Storm-1567, highlighting the effectiveness of their security solution.


Associated Families
elf.akira win.akira

References
2025-05-08DataBreaches.net@chum1ng0, Dissent
Negotiations with the Akira ransomware group: an ill-advised approach
Akira
2025-05-05Security ChuSecurity Chu
Negotiations with the Akira ransomware group: an ill-advised approach
Akira Akira
2025-04-24MandiantMandiant
M-Trends 2025 Report
Akira Black Basta LockBit SystemBC GootLoader LockBit WIREFIRE Akira Black Basta Cobalt Strike LockBit RansomHub SystemBC Pink Sandstorm
2025-03-13Tinyhack.comtinyhack
Decrypting Encrypted files from Akira Ransomware (Linux/ESXI variant 2024) using a bunch of GPUs
Akira
2025-03-07MalwareAnalysisSpaceSeeker
Akira Ransomware Expands to Linux: the attacking abilities and strategies
Akira
2025-01-08ThreatMonAlp Cihangir Aslan, Aziz Kaplan, Ozan Ünal, ThreatMon, ThreatMon Malware Research Team
Akira Ransomware Group & Malware Analysis Report
Akira
2024-12-03Check Point ResearchCheck Point Research
Inside Akira Ransomware’s Rust Experiment
Akira
2024-11-04Medium (@DCSO_CyTec)Denis Szadkowski, Johann Aydinbas, Maike Orlikowski, Paul van Ramesdonk
Unransomware: From Zero to Full Recovery in a Blink
Akira
2024-10-24Arctic WolfAkshay Suthar, Stefan Hostetler, Steven Campbell
Arctic Wolf Labs Observes Increased Fog and Akira Ransomware Activity Linked to SonicWall SSL VPN
Akira Akira
2024-09-11loginsoftT B L N Shashank Mannar
Akira Ransomware: The Evolution of a Major Threat
Akira Akira
2024-06-19Joshua Penny, vc0RExor
Akira: The old-new style crime
Akira
2024-05-14S-RMCallum Wilson, Ineta Simkunaite
Breaking new ground? Uncovering Akira's privilege escalation techniques
Akira
2024-01-04Arctic WolfStefan Hostetler, Steven Campbell
Follow-On Extortion Campaign Targeting Victims of Akira and Royal Ransomware
Akira Royal Ransom
2023-12-20Sophos X-OpsMark Loman, Matt Wixey
CryptoGuard: An asymmetric approach to the ransomware battle
Akira LockBit Storm-1567
2023-12-13Kaspersky LabsGReAT
FakeSG campaign, Akira ransomware and AMOS macOS stealer
AMOS Akira Storm-1567
2023-11-29TrellixAlexandre Mundo, Max Kersten
Akira Ransomware
Akira Akira Storm-1567
2023-11-29TrellixAlexandre Mundo, Max Kersten
Akira Ransomware
Akira
2023-11-28IntrinsecCERT Intrinsec, Intrinsec
Aki-RATs – Command and Control Party
Akira
2023-10-11MicrosoftAmir Kutcher, Charles-Edouard Bettan, Edan Zwick, Noam Hadash, Yair Tsarfaty
Automatic disruption of human-operated attacks through containment of compromised user accounts
Akira Akira
2023-09-15CyberCXPhill Moore, Suyash Tripathi, Yogesh Khatri, Zach Stanford
Weaponising VMs to bypass EDR – Akira ransomware
Akira
2023-09-14SekoiaLivia Tibirna
Sekoia.io mid-2023 Ransomware Threat Landscape
8Base Akira Cactus Storm-1567
2023-08-23StairwellSilas Cutler
Akira: Pulling on the chains of ransomware
Akira
2023-08-10Avast DecodedThreat Research Team
Unveiling the Dominance of Scams Amidst a 24% Surge in Blocked Attacks
Storm-1567
2023-07-27Bankinfo SecurityMathew J. Schwartz
Are Akira Ransomware's Crypto-Locking Malware Days Numbered?
Akira Ryuk
2023-07-26Arctic WolfAkshay Suthar, Connor Belfiore, Steven Campbell
Conti and Akira: Chained Together
Akira Conti
2023-07-25K7 SecurityVigneshwaran P
Akira’s Play with Linux
Akira
2023-06-29Avast DecodedThreat Research Team
Decrypted: Akira Ransomware
Akira
2023-05-09SophosPaul Jaramillo
Akira Ransomware is “bringin’ 1988 back”
Akira
2023-04-28Twitter (@MalGamy12)Gameel Ali
Tweet explaning similarity between Conti and Akira code
Akira

Credits: MISP Project