Microsoft, the tech giant known for its software and services, has recently released a comprehensive analysis on a new and highly dangerous threat actor that has emerged. The group, named Octo Tempest by Microsoft, is described as a financially motivated, native English-speaking threat actor with extensive knowledge and experience, and a complete lack of ethical principles.
Octo Tempest was first formed in early 2022, initially focusing on activities such as selling SIM swaps and stealing cryptocurrency-related accounts. However, the group soon expanded its operations to include phishing, social engineering, and password resets for hacked service providers. The ultimate goal of these campaigns was to gather as much sensitive data as possible.
In a surprising turn of events, Octo Tempest became an affiliate of BlackCat (also known as ALPHV), a well-known ransomware-as-a-service provider. This partnership led to the deployment of encryptors on the victims’ endpoints, marking a significant escalation in the group’s activities. Microsoft found it particularly noteworthy as BlackCat is not typically associated with English-speaking criminals.
Octo Tempest primarily targets organizations in various sectors, including gaming, hospitality, retail, manufacturing, technology, and finance. In some cases, they also go after managed service providers (MSPs). The group employs aggressive tactics to gain initial access to their targets’ networks, even resorting to physical threats of violence. Chat log screenshots have revealed instances where the attacker threatened to send someone to shoot the victim’s spouse at their home.
Once inside a network, Octo Tempest seeks to expand its reach while maintaining a low profile to avoid detection. They have been observed suppressing alerts and modifying mailbox rules to fly under the radar. The ultimate objective for the group is to steal cryptocurrencies, sensitive data, or extort money through ransomware attacks.
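One way a defender can hunt for the mailbox-rule tampering described above is to score inbox-rule audit events for evasion traits (non-descriptive names, deletion or hiding of mail, filters on security keywords, forwarding to external addresses). The following Python is an added example, not code from Microsoft's report; the heuristics, the field names and the sample events are constructed, and example.com is the assumed tenant domain.

```python
import re
# Constructed heuristics for this example (not from Microsoft's report): keywords attackers
# filter to hide security warnings, folders where hidden mail lands, assumed tenant domain.
HIDE_KEYWORDS = {"alert", "suspicious", "phish", "password", "mfa", "hacked", "security"}
HIDING_FOLDERS = {"deleted items", "rss feeds", "rss subscriptions", "junk email", "archive"}
INTERNAL_DOMAIN = "example.com"

def rule_findings(event):
    """Return reasons an inbox-rule audit event looks like detection evasion."""
    p = event.get("params", {})
    reasons = []
    name = p.get("Name", "").strip()
    if len(name) <= 2 or not re.search(r"[A-Za-z0-9]", name):
        reasons.append("empty or non-descriptive rule name")
    if p.get("DeleteMessage", "").lower() == "true":
        reasons.append("deletes matching mail")
    if p.get("MoveToFolder", "").lower() in HIDING_FOLDERS:
        reasons.append("moves mail to " + p["MoveToFolder"])
    words = {w.strip().lower() for w in p.get("SubjectContainsWords", "").split(";") if w.strip()}
    hits = sorted(w for w in words if any(k in w for k in HIDE_KEYWORDS))
    if hits:
        reasons.append("filters security keywords: " + ", ".join(hits))
    for key in ("ForwardTo", "RedirectTo", "ForwardAsAttachmentTo"):
        for addr in p.get(key, "").split(";"):
            addr = addr.strip().lower()
            if addr and not addr.endswith("@" + INTERNAL_DOMAIN):
                reasons.append(key + " to external address " + addr)
    return reasons

def triage(events, min_reasons=2):
    """Return (user, rule name, reasons) for rule events with at least min_reasons findings."""
    flagged = []
    for ev in events:
        if ev.get("operation") not in {"New-InboxRule", "Set-InboxRule"}:
            continue
        reasons = rule_findings(ev)
        if len(reasons) >= min_reasons:
            flagged.append((ev["user"], ev["params"].get("Name", ""), reasons))
    return flagged

# Constructed sample audit events, shaped loosely like Exchange inbox-rule cmdlet logs.
SAMPLE_EVENTS = [
    {"user": "alice@example.com", "operation": "New-InboxRule",
     "params": {"Name": "Newsletters", "From": "news@vendor.invalid", "MoveToFolder": "Newsletters"}},
    {"user": "cfo@example.com", "operation": "New-InboxRule",
     "params": {"Name": ".", "SubjectContainsWords": "security alert;password reset;MFA", "DeleteMessage": "True"}},
    {"user": "helpdesk@example.com", "operation": "Set-InboxRule",
     "params": {"Name": "..", "MoveToFolder": "RSS Feeds", "ForwardTo": "mailbox@external-host.invalid"}},
]
if __name__ == "__main__":
    for user, name, reasons in triage(SAMPLE_EVENTS):
        print(f"{user} rule {name!r}: {'; '.join(reasons)}")
```

The benign newsletter rule produces no findings, while the two constructed evasion rules are flagged with three reasons each; in practice the input would be the tenant's unified audit log rather than inline samples.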
Microsoft’s full report on Octo Tempest, including detailed information and analysis, is available from Microsoft. It serves as a crucial resource for organizations and individuals to better understand this evolving threat landscape and take appropriate measures to protect themselves.