Akira

Medium Confidence, High Threat

Storm-1567

Akira is a ransomware operation that emerged in March 2023, targeting small to medium-sized businesses across various sectors. The group is believed to have connections to the disbanded Conti ransomware operation. Akira employs double extortion tactics and has targeted organizations in North America, Europe, and Australia. The group is known for exploiting VPN vulnerabilities for initial access and using legitimate tools for network reconnaissance.

Origin: Russia
Sponsor: Cybercriminal (No State Sponsor)
Active: 2023 - Present
Victims: 250+ organizations
Advanced
Active
Financial Gain
Risk Assessment

Composite Risk Score: 72 (High Risk)
ARCS Compliance: 75
Escalation Risk: 72
Grievance Index: 62
Infrastructure Impact: 78

Targeting

Target Sectors

Manufacturing, Professional Services, Healthcare, Education

Target Regions

United States, Europe, Australia
Attribution & Affiliations

Attributed to a cybercriminal actor with no state sponsor, of Russian origin. Attribution confidence: Medium.

Intelligence Assessment

Threat Level: High
Targeting: Moderately
Adaptability: Moderately
Persistence: High
Op Tempo: Continuous
Status: Active

Future Outlook

Akira is expected to continue operations targeting the manufacturing sector.

Timeline of Key Events

2023 (Major): First observed activity of Akira

2024 (Moderate): Continued active operations