Microsoft: Octo Tempest is one of the most dangerous financial hacking groups
2023-10-26 22:55

Microsoft has published a detailed profile of a native English-speaking threat actor with advanced social engineering capabilities, which it tracks as Octo Tempest and which targets companies in data extortion and ransomware attacks.

Microsoft says that Octo Tempest also used direct physical threats in some cases to obtain logins that would advance their attack.

In an odd turn of events, Octo Tempest became an affiliate of the ALPHV/BlackCat ransomware-as-a-service operation, Microsoft says, and by June they started deploying both the Windows and Linux ransomware payloads, focusing on VMware ESXi servers lately.

Octo Tempest TTPs

Microsoft assesses that Octo Tempest is a well-organized group that includes members with extensive technical knowledge and multiple hands-on-keyboard operators.

According to Microsoft, Octo Tempest tries to hide their presence on the network by suppressing alerts of changes and modifying the mailbox rules to delete emails that could raise the victim's suspicions of a breach.

Octo Tempest is financially motivated and achieves its goals through stealing cryptocurrency, data theft extortion, or encrypting systems and asking for a ransom.


News URL

https://www.bleepingcomputer.com/news/security/microsoft-octo-tempest-is-one-of-the-most-dangerous-financial-hacking-groups/