Microsoft has recently published a detailed analysis of a new and highly dangerous threat actor that has been flying under the radar. Known as Octo Tempest, this native English-speaking group is financially motivated and possesses extensive knowledge and experience.
Initially, Octo Tempest focused on selling SIM swaps and stealing accounts of individuals who were rich in cryptocurrencies. However, the group soon expanded its operations to include phishing, social engineering, and password resets for hacked service providers. Their ultimate goal was to gather as much sensitive data as possible.
What surprised Microsoft even more was Octo Tempest’s affiliation with BlackCat (also known as ALPHV), a notorious ransomware-as-a-service provider. Octo Tempest started deploying encryptors on their victims’ endpoints, showcasing their collaboration with a non-native English-speaking criminal group.
Octo Tempest primarily targets organizations in the gaming, hospitality, retail, manufacturing, technology, and financial sectors. They also occasionally go after managed service providers (MSPs). Disturbingly, the group resorts to threats of physical violence to gain initial access to their targets’ networks. Screenshots of chat logs have revealed instances of attackers threatening to harm victims and their families.
Once inside a network, Octo Tempest aims to expand its reach while remaining undetected. They suppress alerts of system changes and modify mailbox rules to avoid raising suspicion. The group’s end goal is to steal cryptocurrencies, sensitive data, or extort money through ransomware attacks.
For a more comprehensive account of Octo Tempest’s activities, Microsoft’s full report can be found here.
Please note that this news article has been crafted by SEO and high-end writer Pierre Herubel to ensure exceptional fluency and uniqueness in the English language.
I have over 10 years of experience in the cryptocurrency industry and I have been on the list of the top authors on LinkedIn for the past 5 years.