Microsoft Exposes Octo Tempest, One of the Most Dangerous Financial Threat Actors to Date
2023-10-30 15:31

Microsoft exposes Octo Tempest, an English-speaking threat actor that runs extortion, encryption and destruction campaigns against a wide variety of industries.

A new report from Microsoft Incident Response and Microsoft Threat Intelligence teams exposed the activities and constant evolution of a financially oriented threat actor named Octo Tempest, who deploys advanced social engineering techniques to target companies, steal data and run ransomware campaigns.

While many threat actors disable security measures on a compromised system, Octo Tempest goes one step further by modifying the security staff's mailbox rules to automatically delete emails from security vendors that might alert the staff.
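
A defensive check for the mailbox-rule tampering described above, as an added example that is not from Microsoft's report or the original article: it scans an inbox-rule export for enabled rules that delete or bury mail matching security-vendor senders or alert wording. The field names mirror Exchange's Get-InboxRule output; the flattened export layout, vendor domains, keyword list and folder list are assumptions to replace with your own.

```python
# Field names follow Get-InboxRule output; values are assumed flattened to strings.
VENDOR_DOMAINS = {"alerts.vendor.example", "soc.mssp.example"}  # placeholders
ALERT_WORDS = {"alert", "incident", "security", "phish", "malware"}  # assumption
HIDING_FOLDERS = ("deleted items", "junk email", "rss feeds")  # assumption
SENDER_FIELDS = ("From", "FromAddressContainsWords")
TEXT_FIELDS = ("SubjectContainsWords", "SubjectOrBodyContainsWords")

def _values(rule, fields):
    """Collect condition values from the given fields as lowercase strings."""
    out = []
    for field in fields:
        value = rule.get(field) or []
        out.extend([value] if isinstance(value, str) else value)
    return [s.lower() for s in out]

def hides_mail(rule):
    """True if the rule deletes mail or moves it to a rarely read folder."""
    folder = (rule.get("MoveToFolder") or "").lower()
    return bool(rule.get("DeleteMessage")) or folder.endswith(HIDING_FOLDERS)

def targets_security_mail(rule):
    """True if the rule's conditions match vendor senders or alert wording."""
    senders = _values(rule, SENDER_FIELDS)
    if any(d in s for s in senders for d in VENDOR_DOMAINS):
        return True
    return any(w in t for t in _values(rule, TEXT_FIELDS) for w in ALERT_WORDS)

def suspicious_rules(rules):
    """Return (mailbox, rule name) for enabled rules that hide security mail."""
    return [(r["Mailbox"], r["Name"]) for r in rules
            if r.get("Enabled", True) and hides_mail(r) and targets_security_mail(r)]

# Constructed sample export, not real data.
SAMPLE = [
    {"Mailbox": "analyst@corp.example", "Name": ".", "Enabled": True,
     "DeleteMessage": True, "FromAddressContainsWords": ["alerts.vendor.example"]},
    {"Mailbox": "analyst@corp.example", "Name": "Newsletters", "Enabled": True,
     "MoveToFolder": "Newsletters", "From": ["news@shop.example"]},
    {"Mailbox": "lead@corp.example", "Name": "cleanup", "Enabled": True,
     "MoveToFolder": "lead@corp.example:\\RSS Feeds",
     "SubjectContainsWords": ["Security Alert"]},
    {"Mailbox": "lead@corp.example", "Name": "promo", "Enabled": True,
     "DeleteMessage": True, "SubjectContainsWords": ["unsubscribe"]},
]

if __name__ == "__main__":
    for mailbox, name in suspicious_rules(SAMPLE):
        print(f"review rule {name!r} in {mailbox}")
```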

Octo Tempest is a financially oriented threat actor whose members are native English speakers.

Octo Tempest then became an affiliate of the ALPHV/BlackCat ransomware, a surprising move knowing that Eastern European ransomware groups typically refuse English-speaking affiliates.

Microsoft noted the group is highly skilled: "In recent campaigns, we observed Octo Tempest leverage a diverse array of TTPs to navigate complex hybrid environments, exfiltrate sensitive data, and encrypt data. Octo Tempest leverages tradecraft that many organizations don't have in their typical threat models, such as SMS phishing, SIM swapping, and advanced social engineering techniques."


News URL

https://www.techrepublic.com/article/microsoft-octo-tempest-threat-actor/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 480 75 2308 5128 264 7775