Microsoft says Octo Tempest is ready to attack servers with new weapons
The best defense: keep your servers updated.
Published on July 18, 2024
With cyberattacks on the rise, Microsoft has warned about a dangerous cybercrime group called Octo Tempest. The group is known for its complex attacks on VMware ESXi servers and, according to an X thread, it has now added two new ransomware payloads: RansomHub and Qilin. The development marks a significant escalation in cybercrime and a greater danger to organizations all over the globe.
In the second quarter of 2024, financially motivated threat actor Octo Tempest, our most closely tracked ransomware threat actor, added RansomHub and Qilin to its ransomware payloads in campaigns.
The group is not new. Microsoft made Octo Tempest public in October 2023, and its members aren’t your average hackers: they boast an impressive skill set that includes high-level social engineering techniques, identity compromise strategies, and unwavering persistence in their attacks. At first, they used BlackCat ransomware. However, as BlackCat is no longer active, they have switched to RansomHub and Qilin, which is a big change in how they carry out cyber extortion.
The switch to the new ransomware happened because Octo Tempest broke into Change Healthcare through an affiliate, getting a payment of $22 million. But unexpectedly, the people who maintain BlackCat took control of the ransom and disappeared without leaving a trace; only chaos and gigabytes of sensitive information were left as evidence of their actions. This event led to the birth of RansomHub, which later became known for its involvement in serious attacks against well-known organizations such as Christie’s, Rite Aid, and NRS Healthcare.
The way it’s used is especially concerning. RansomHub is frequently deployed during post-compromise situations, usually arranged by Manatee Tempest after Mustard Tempest acquires initial access through FakeUpdates/Socgholish infections. This multi-layered attack approach highlights the complex and organized actions of Octo Tempest.
Now, what can organizations do to protect themselves from these changing threats? Microsoft provides basic yet important guidance: keep systems updated and patched to close vulnerabilities, establish strong access controls, teach workers about the risks of phishing and social engineering, and ensure comprehensive security solutions are in place that can detect and stop attacks before they cause harm. Also, keeping regular data backups in safe places is vital for recovering from a ransomware attack.
The cyber threat environment is always changing; lately, it has adopted AI to strengthen its attacks. Octo Tempest represents a new wave of cybercrime that keeps pushing the limits. More than ever, it’s crucial to stay aware and take action with cybersecurity measures to protect against these constantly changing risks.
Milan Stanojevic
Windows Troubleshooting Expert