Concise Cyber

Akira Ransomware Targets Critical Sectors by Exploiting Edge Devices and Backup Servers

U.S. cybersecurity agencies are warning that the Akira ransomware group is continuing to intensify attacks against critical industries by taking advantage of vulnerabilities in edge devices, VPNs, and backup servers. The threat campaign has affected a wide mix of organizations, with investigators noting ongoing abuse of stolen credentials, compromised remote access, and double-extortion tactics.

Akira expands attacks across critical industries

According to the FBI and the Cybersecurity and Infrastructure Security Agency, Akira has been actively targeting organizations in sectors that include manufacturing, education, healthcare, information technology, financial services, and food and agriculture. Officials said the group primarily goes after small and medium-sized businesses, but it has also struck larger enterprises across multiple sectors.

The agencies said the activity has expanded over recent months and included collaboration with other threat groups. Akira has also been linked to a surge in attacks against SonicWall firewall customers that began in July.

How Akira is gaining access

The updated advisory from the FBI and CISA says the group has relied on several methods to enter victim networks, including theft of credentials and exploitation of known vulnerabilities in internet-facing systems.

  • Targeting VPNs, including SonicWall products
  • Exploiting weaknesses in backup servers
  • Abusing remote access tools such as AnyDesk and LogMeIn
  • Using RDP access to move within compromised environments
  • Taking advantage of VPNs without multifactor authentication

Officials also said Akira has exploited vulnerabilities in Cisco products and, in one June incident, encrypted Nutanix AHV VM disk files, marking a shift beyond prior activity involving VMware ESXi and Hyper-V.

Financial gains and recent activity

FBI Cyber Division Assistant Director Brett Leatherman said Akira had claimed more than $244 million in proceeds from its attacks as of September. Researchers at Sophos X-Ops also linked 149 victims to Akira ransomware incidents in the past 90 days.

Sophos said its incident response and managed detection and response teams have assisted with multiple cases connected to the group. Alexandra Rose, director of the Sophos Counter Threat Unit, said the group continues to use compromised credentials, exploit the recent SonicWall VPN vulnerability, and abuse RDP access.

What defenders should prioritize

CISA and the FBI urged organizations to reduce exposure by improving basic defensive controls and hardening remote access paths. The agencies emphasized prompt patching and phishing-resistant multifactor authentication, along with close monitoring of networks and endpoints.
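The access paths listed above (VPN logins without MFA, RDP use from freshly connected VPN clients, and AnyDesk or LogMeIn appearing on hosts where IT does not use them) can be hunted for in existing logs. The script below is an added illustration, not code from CISA, the FBI or Sophos; its event format, field names and the sanctioned-host list are assumptions, and the log records are constructed.

```python
"""Toy hunt over constructed logs for the Akira access patterns named in the
CISA/FBI advisory summary above: VPN logins without MFA, RDP use shortly after
a VPN login, and unsanctioned remote-access tools (AnyDesk, LogMeIn).
Log format, field names and host names are assumptions for this example."""
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry).
EVENTS = [
    {"ts": "2025-06-01T02:10:00", "kind": "vpn_auth", "user": "jdoe", "src": "203.0.113.7", "mfa": False, "assigned_ip": "10.8.0.12"},
    {"ts": "2025-06-01T02:14:30", "kind": "rdp_logon", "user": "jdoe", "src": "10.8.0.12", "host": "FS01"},
    {"ts": "2025-06-01T02:20:00", "kind": "process", "host": "FS01", "image": "C:\\Users\\jdoe\\Downloads\\AnyDesk.exe"},
    {"ts": "2025-06-01T09:00:00", "kind": "vpn_auth", "user": "asmith", "src": "198.51.100.4", "mfa": True, "assigned_ip": "10.8.0.33"},
    {"ts": "2025-06-01T09:30:00", "kind": "process", "host": "HELPDESK02", "image": "C:\\Program Files\\AnyDesk\\AnyDesk.exe"},
]

SANCTIONED_RAT_HOSTS = {"HELPDESK02"}   # assumption: hosts where IT legitimately runs remote tools
RAT_NAMES = ("anydesk", "logmein")       # remote-access tools named in the advisory
RDP_WINDOW = timedelta(minutes=30)       # RDP this soon after a VPN login is worth a look

def _ts(e):
    return datetime.fromisoformat(e["ts"])

def hunt(events):
    """Return a list of (rule, detail) findings, ordered by event time."""
    events = sorted(events, key=_ts)
    findings = []
    vpn_sessions = {}  # assigned VPN IP -> (user, login time)
    for e in events:
        if e["kind"] == "vpn_auth":
            vpn_sessions[e["assigned_ip"]] = (e["user"], _ts(e))
            if not e["mfa"]:
                findings.append(("vpn_no_mfa", f"{e['user']} from {e['src']}"))
        elif e["kind"] == "rdp_logon":
            # RDP sourced from a VPN-assigned address within the window after login
            sess = vpn_sessions.get(e["src"])
            if sess and _ts(e) - sess[1] <= RDP_WINDOW:
                findings.append(("rdp_after_vpn", f"{e['user']} -> {e['host']} via {e['src']}"))
        elif e["kind"] == "process":
            # Match on the image file name only, case-insensitively
            name = e["image"].rsplit("\\", 1)[-1].lower()
            if any(r in name for r in RAT_NAMES) and e["host"] not in SANCTIONED_RAT_HOSTS:
                findings.append(("unsanctioned_remote_tool", f"{e['host']}: {e['image']}"))
    return findings

if __name__ == "__main__":
    for rule, detail in hunt(EVENTS):
        print(f"[{rule}] {detail}")
```

On the sample data this flags jdoe's non-MFA VPN login, the RDP session to FS01 four minutes later, and AnyDesk on FS01, while asmith's MFA login and the help-desk host stay quiet.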

Akira’s attacks also continue to rely on double extortion, in which victim data is both exfiltrated and encrypted, and the stolen copy is then threatened with publication on the group’s Tor-based leak site. Google Threat Intelligence Group said manufacturing, legal and professional services, and construction and engineering have been the most frequently targeted sectors, with construction attacks increasing in the past month.

As Akira continues to exploit common enterprise weaknesses, the warning from U.S. officials reinforces the importance of securing edge devices, backup infrastructure, and remote access services.

All articles are written here with the help of AI on the basis of openly available information which cannot be independently verified. We do strive to quote the relevant sources. The intent is only to summarise what is already reported in public forums in our own words, with no intention to plagiarise or copy other persons’ work. The publisher has no intent to defame or cause offence to anyone, any person or any organisation at any moment. The publisher assumes no responsibility for any damage or loss caused by making decisions on the basis of whatever is published on cyberconcise.com. You’re advised to do your own checks and balances before making any decision, and owners and publishers at cyberconcise.com cannot be held accountable for its resulting ramifications. If you have any objections, concerns or point out anything factually incorrect, please reach out using the form on https://concisecyber.com/about/
