
Microsoft unveils shady shenanigans of Octo Tempest and their cyber-trickery toolkit
2023-10-27 12:43

The "unique" native English-speaking group, tracked by Microsoft as Octo Tempest, has in the space of a year shown a consistent and rapid evolution to become one of the most well-equipped cybercrime groups in existence.

Octo Tempest originally conducted its attacks without dropping an encryption payload, relying on the data extortion tactics it had adopted in late 2022; ransomware only joined its toolset later.

Octo Tempest is also tracked under other names by different security companies, such as CrowdStrike's Scattered Spider. While Microsoft has not outright attributed the attacks on MGM to Octo Tempest, the group has claimed responsibility for them.

Microsoft said Octo Tempest exhibits a wide range of techniques in its attacks that are indicative of a well-organized group consisting of multiple experienced individuals.

Defenders can treat PingCastle and ADRecon activity as a potential signal of Octo Tempest worth investigating: the group uses both tools to enumerate an organization's Active Directory.
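To make that hunting hint concrete, here is an added example that is not part of The Register article or Microsoft's report: a small Python script that scans process-creation telemetry for PingCastle and ADRecon. The event format (one Sysmon-style JSON object per line, fields ts/host/user/image/cmdline), every sample record, and the indicator patterns (the PingCastle executable name, the ADRecon.ps1 file name and its Invoke-ADRecon entry point) are my assumptions about how the tools normally appear, not details taken from the page.

```python
import json
import re
from typing import Dict, Iterable, List

# Constructed sample of process-creation events (Sysmon Event ID 1 style),
# one JSON object per line. Hosts, users, paths and timestamps are made up
# for this example; none of it is real telemetry. The final line is
# deliberately malformed to show that one bad record does not abort the hunt.
SAMPLE_EVENTS = r"""
{"ts":"2023-10-20T08:01:12Z","host":"WS-042","user":"CORP\\jdoe","image":"C:\\Windows\\System32\\notepad.exe","cmdline":"notepad.exe notes.txt"}
{"ts":"2023-10-20T08:14:55Z","host":"WS-042","user":"CORP\\jdoe","image":"C:\\Users\\jdoe\\Downloads\\PingCastle\\PingCastle.exe","cmdline":"PingCastle.exe --healthcheck --server corp.local"}
{"ts":"2023-10-20T08:20:03Z","host":"SRV-DC1","user":"CORP\\svc_backup","image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","cmdline":"powershell.exe -ExecutionPolicy Bypass -File C:\\Temp\\ADRecon.ps1 -OutputDir C:\\Temp\\out"}
{"ts":"2023-10-20T08:21:40Z","host":"WS-017","user":"CORP\\asmith","image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","cmdline":"powershell.exe -Command Get-Date"}
{"ts":"2023-10-20T08:33:09Z","host":"WS-042","user":"CORP\\jdoe","image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","cmdline":"powershell.exe -c \". .\\adrecon.ps1; Invoke-ADRecon -Method LDAP\""}
this line is not JSON
"""

# Indicators as (label, case-insensitive regex) applied to the image path
# plus the command line. The tool names come from the article; the exact
# file names and the Invoke-ADRecon entry point are assumptions about how
# the tools usually show up on disk and on the command line.
INDICATORS = [
    ("PingCastle binary", re.compile(r"pingcastle[^\\/]*\.exe", re.I)),
    ("ADRecon script", re.compile(r"adrecon\.ps1", re.I)),
    ("ADRecon entry function", re.compile(r"invoke-adrecon", re.I)),
]


def hunt(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return one hit per (event, indicator) pair; unparsable lines are skipped."""
    hits: List[Dict[str, str]] = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue  # malformed telemetry must not stop the rest of the hunt
        haystack = f"{ev.get('image', '')} {ev.get('cmdline', '')}"
        for label, pattern in INDICATORS:
            if pattern.search(haystack):
                hits.append({
                    "ts": ev.get("ts", ""),
                    "host": ev.get("host", ""),
                    "user": ev.get("user", ""),
                    "indicator": label,
                    "cmdline": ev.get("cmdline", ""),
                })
    return hits


def hosts_to_triage(hits: List[Dict[str, str]]) -> List[str]:
    """Collapse hits to the sorted, de-duplicated list of hosts to look at first."""
    return sorted({h["host"] for h in hits})


if __name__ == "__main__":
    found = hunt(SAMPLE_EVENTS.splitlines())
    for h in found:
        print(f"{h['ts']} {h['host']} {h['user']}: {h['indicator']} -> {h['cmdline']}")
    print("hosts to triage:", ", ".join(hosts_to_triage(found)))
```

Two caveats a practitioner would attach to this. First, both tools are legitimate AD assessment utilities, so a hit is a reason to triage (who ran it, from where, was it scheduled by the security team), not proof of compromise. Second, matching on file names misses a renamed binary or a script pasted into an interactive session; pairing this with telemetry on the LDAP enumeration these tools perform against domain controllers closes part of that gap.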

The full list of tooling Octo Tempest uses against its victims is detailed extensively in Microsoft's report on the group, along with its "unorthodox" tips for proactive threat hunting and recommended configurations for Azure and Entra ID. Besides educating their workforce about the sophisticated and varied threat Octo Tempest presents, organizations were also advised that their usual communication channels may not be safe during an incident and that out-of-band channels should be used where possible.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/10/27/octo_tempest_microsoft/

Related vendor

Vendor      Products (last 12M)   Low   Medium   High   Critical   Total vulns
Microsoft   473                   68    2214     4928   253        7463