Microsoft reveals a concerning new hacking group that may endanger your online accounts.

October 31, 2023

Microsoft has published a detailed profile of a threat actor it tracks as Octo Tempest. The group has had little coverage under that name, although Microsoft notes that its activity overlaps with what other vendors track as 0ktapus, Scattered Spider and UNC3944, and it poses a significant risk. Microsoft describes Octo Tempest as a financially motivated group whose members are native English speakers with extensive experience in cybercrime.

Octo Tempest was first observed in early 2022, initially selling SIM swaps and taking over the accounts of individuals with significant cryptocurrency holdings. Within months the group broadened its operations, using phishing, social engineering and bulk password resets against service providers to steal sensitive data and extort its victims.

In mid-2023 Octo Tempest became an affiliate of ALPHV, also known as BlackCat, a well-known ransomware-as-a-service operation. Through that partnership it began deploying ransomware on victims' Windows and Linux endpoints, with a particular focus on VMware ESXi servers. The collaboration is notable because ALPHV/BlackCat had historically not worked with native English-speaking criminals.

The group primarily targets organizations in gaming, hospitality, retail, manufacturing, technology and finance, and occasionally managed service providers (MSPs). Octo Tempest uses aggressive tactics to gain initial access to a target's network, in rare cases escalating to threats of physical harm against specific employees. Screenshots of chat logs show the attackers threatening victims and their families, including threats to send a shooter to their homes.

Once inside a network, Octo Tempest works to expand its access while keeping a low profile. The group has been observed suppressing security-product alerts and creating mailbox rules that automatically delete emails from security vendors, so that notifications of its own activity never reach the account owner. Its end goals are theft of cryptocurrency or sensitive data and extortion through ransomware.
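The mailbox-rule tradecraft above is one of the easier behaviours to hunt for in Microsoft 365 audit logs. The following is an added example, not code from Microsoft's report or from the article: a small Python detector that scans Exchange Online admin audit records (the New-InboxRule and Set-InboxRule events that appear in the unified audit log, whose Operation, UserId and Parameters fields are the ones used here) for rules that delete, move or mark-as-read messages matching security-notification terms. The keyword list, the sample records and the rule-name heuristic are assumptions made for the example.

```python
"""Flag inbox rules that hide security notifications, as an attacker would create them.

Added example; not from Microsoft's report. The sample records below are constructed
to mirror the shape of Exchange Online admin audit events (Operation, UserId, and a
Parameters list of {"Name": ..., "Value": ...} pairs); the keyword list is an assumption.
"""
import json

# Assumed keyword list: terms typical of security-vendor and sign-in notifications.
SECURITY_KEYWORDS = (
    "security", "alert", "suspicious", "sign-in", "signin", "mfa",
    "password", "phishing", "defender", "incident", "unusual",
)

# Inbox-rule parameters whose effect is to keep matching mail out of the user's sight.
HIDING_ACTIONS = ("DeleteMessage", "SoftDeleteMessage", "MoveToFolder", "MarkAsRead")

# Condition parameters an attacker uses to pick out the mail to hide.
CONDITION_PARAMS = (
    "SubjectContainsWords", "BodyContainsWords",
    "SubjectOrBodyContainsWords", "FromAddressContainsWords", "From",
)

RULE_OPERATIONS = ("New-InboxRule", "Set-InboxRule")


def parameters_to_dict(record):
    """Flatten the audit record's Parameters list of {Name, Value} pairs into a dict."""
    return {p["Name"]: str(p["Value"]) for p in record.get("Parameters", [])}


def rule_name(params):
    """New-InboxRule carries the name in Name; Set-InboxRule addresses the rule by Identity."""
    return (params.get("Name") or params.get("Identity") or "").strip()


def classify_rule(record):
    """Return the reasons a rule change looks like defence evasion, or [] if it looks benign."""
    if record.get("Operation") not in RULE_OPERATIONS:
        return []
    params = parameters_to_dict(record)

    # Only rules that actually hide mail are interesting here; pure categorisation is not.
    hiding = [a for a in HIDING_ACTIONS
              if a in params and params[a].lower() not in ("", "false")]
    if not hiding:
        return []

    reasons = []
    # Substring match is deliberately loose: attackers often list several variants.
    condition_text = " ".join(params.get(c, "") for c in CONDITION_PARAMS).lower()
    hits = sorted({k for k in SECURITY_KEYWORDS if k in condition_text})
    if hits:
        reasons.append(f"hides mail matching security terms {hits} via {hiding}")
    elif not condition_text.strip():
        if record["Operation"] == "New-InboxRule":
            # A new rule with a hiding action and no condition hides every incoming message.
            reasons.append(f"new rule hides all incoming mail via {hiding}")
        else:
            # Set-InboxRule records only carry the changed parameters, so the rule's
            # existing conditions are not visible here; the rule itself needs review.
            reasons.append(f"existing rule given hiding action {hiding}; review its conditions")

    # Assumed heuristic: empty or single-character names make a rule easy to overlook.
    name = rule_name(params)
    if reasons and len(name) <= 1:
        reasons.append(f"rule name {name!r} is empty or a single character")
    return reasons


def suspicious_inbox_rules(log_lines):
    """Scan JSON-lines audit records; return (user, rule name, reasons) per suspicious rule."""
    findings = []
    for line in log_lines:
        line = line.strip()
        if not line:
            continue
        record = json.loads(line)
        reasons = classify_rule(record)
        if reasons:
            findings.append((record.get("UserId", "?"),
                             rule_name(parameters_to_dict(record)), reasons))
    return findings


# Constructed sample records (not real telemetry) in the shape of unified-audit-log exports.
SAMPLE_LOG = [
    json.dumps({"CreationTime": "2023-10-20T14:02:11", "UserId": "alice@contoso.example",
                "Operation": "New-InboxRule",
                "Parameters": [{"Name": "Name", "Value": "."},
                               {"Name": "SubjectOrBodyContainsWords",
                                "Value": "security alert;unusual sign-in;MFA"},
                               {"Name": "MoveToFolder", "Value": "RSS Feeds"},
                               {"Name": "MarkAsRead", "Value": "True"}]}),
    json.dumps({"CreationTime": "2023-10-20T14:05:40", "UserId": "alice@contoso.example",
                "Operation": "New-InboxRule",
                "Parameters": [{"Name": "Name", "Value": "Newsletters"},
                               {"Name": "FromAddressContainsWords", "Value": "news@vendor.example"},
                               {"Name": "MoveToFolder", "Value": "Reading"}]}),
    json.dumps({"CreationTime": "2023-10-20T14:09:03", "UserId": "bob@contoso.example",
                "Operation": "Set-InboxRule",
                "Parameters": [{"Name": "Identity", "Value": "Cleanup"},
                               {"Name": "DeleteMessage", "Value": "True"}]}),
    json.dumps({"CreationTime": "2023-10-20T14:12:55", "UserId": "carol@contoso.example",
                "Operation": "Set-Mailbox",
                "Parameters": [{"Name": "Identity", "Value": "carol"},
                               {"Name": "DisplayName", "Value": "Carol"}]}),
]

if __name__ == "__main__":
    for user, name, reasons in suspicious_inbox_rules(SAMPLE_LOG):
        print(f"{user}: rule {name!r}")
        for reason in reasons:
            print(f"  - {reason}")
```

Run against the constructed sample, the detector flags Alice's one-character rule that shunts security and MFA notifications into the RSS folder already read, and Bob's existing rule that was just given a delete action, while leaving the ordinary newsletter rule and the unrelated mailbox change alone. In production the same logic belongs in a scheduled hunting query fed by the audit log export, with the keyword list tuned to the vendors and identity providers actually in use.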

Microsoft's full report on Octo Tempest, published on the Microsoft Security blog, covers the group's tradecraft and hunting guidance in more detail.

(Source: Microsoft)