Microsoft lifts the lid on a dangerous new hacking group that could pose a major threat to your online accounts


Microsoft has just released an in-depth analysis of a relatively unknown, but highly dangerous, new threat actor.

In its writeup, Microsoft dubs the group Octo Tempest and describes it as a native English-speaking, financially motivated threat actor with extensive technical knowledge, plenty of experience, and zero scruples.

Octo Tempest first appeared in early 2022, when its operations were mostly limited to selling SIM swaps and taking over the accounts of individuals holding large amounts of cryptocurrency. A few months later the group broadened its activity to phishing and social engineering, and to mass password resets of user accounts at service providers it had compromised. The goal of these campaigns was to steal as much sensitive data as possible.

BlackCat affiliates

The group later became an affiliate of BlackCat (AKA ALPHV), a notorious ransomware-as-a-service operation, and started deploying encryptors on victims' endpoints as well. This was particularly surprising to Microsoft, given that BlackCat was not known for working with native English-speaking criminals.

Octo Tempest's targets are usually organizations in the gaming, hospitality, retail, manufacturing, technology, and financial industries. Sometimes it also goes after managed service providers (MSPs).

The group will stop at nothing to gain initial access to its target's network, going as far as threatening victims with physical violence. A couple of chat log screenshots show the attackers threatening to send a shooter to a victim's home to shoot their wife.

After gaining initial access, Octo Tempest looks to expand its reach as far as possible while keeping a low profile and not raising any alarms. To that end, the group has been observed suppressing alerts for the changes it makes and tampering with mailbox rules, so that notifications of its activity are hidden from the account owner.
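Mailbox-rule tampering of this kind leaves a trace in the tenant's audit log, which is where a defender would look for it. The following is an added example written for this article, not code from Microsoft's report or from TechRadar: it scans constructed Microsoft 365 unified audit log records (the AuditData JSON shape exported by Search-UnifiedAuditLog, with Operation, UserId, CreationTime and a Parameters list of Name/Value pairs) and flags inbox rules that both hide mail and match security-related terms. The sample records, the keyword list and the "dump folder" list are assumptions to be tuned per tenant.

```python
"""Flag inbox-rule changes that could suppress security notifications.

Added example, not code from the Microsoft report or TechRadar. Input is
newline-delimited AuditData JSON as exported by Search-UnifiedAuditLog
(fields Operation, UserId, CreationTime, Parameters=[{Name, Value}]);
the sample records, keyword list and folder list below are assumptions.
"""
import json

RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "UpdateInboxRules"}
# Folders where moved mail is unlikely to be noticed (assumed list).
DUMP_FOLDERS = {"deleted items", "junk email", "rss feeds", "rss subscriptions",
                "archive", "conversation history"}
# Rule conditions whose text is checked for security-related terms.
FILTER_CONDITIONS = ("SubjectContainsWords", "SubjectOrBodyContainsWords",
                     "BodyContainsWords", "FromAddressContainsWords")
# Terms common in security/account notifications (assumed list).
SECURITY_TERMS = ("security", "alert", "mfa", "password", "sign-in", "suspicious", "phish")


def parse_parameters(record):
    """Flatten the Parameters array into {name: value} with string values."""
    return {p.get("Name", ""): str(p.get("Value", "")) for p in record.get("Parameters", [])}


def hiding_actions(params):
    """Rule actions that take mail out of sight; MoveToFolder counts only for dump folders."""
    found = [a for a in ("DeleteMessage", "SoftDeleteMessage", "MarkAsRead")
             if params.get(a, "").strip().lower() == "true"]
    if params.get("MoveToFolder", "").strip().lower() in DUMP_FOLDERS:
        found.append("MoveToFolder")
    return found


def assess_rule_change(record):
    """Return (severity, reasons): "high" = hides mail and filters on security
    terms, "medium" = hides mail only, None = not a rule change or looks benign."""
    if record.get("Operation") not in RULE_OPERATIONS:
        return None, []
    params = parse_parameters(record)
    reasons = []
    hiding = hiding_actions(params)
    if hiding:
        reasons.append("hides mail via " + ", ".join(hiding))
    filter_text = " ".join(params.get(c, "") for c in FILTER_CONDITIONS).lower()
    hits = sorted(t for t in SECURITY_TERMS if t in filter_text)
    if hits:
        reasons.append("filters on security terms: " + ", ".join(hits))
    if hiding and hits:
        return "high", reasons
    if hiding:
        return "medium", reasons
    return None, reasons


def find_suspicious_rules(audit_lines, min_severity="medium"):
    """Scan audit lines and return flagged rule changes at or above min_severity."""
    rank = {"medium": 1, "high": 2}
    findings = []
    for line in audit_lines:
        if not line.strip():
            continue
        record = json.loads(line)
        severity, reasons = assess_rule_change(record)
        if severity and rank[severity] >= rank[min_severity]:
            findings.append({"time": record.get("CreationTime"), "user": record.get("UserId"),
                             "rule": parse_parameters(record).get("Name", "<unnamed>"),
                             "severity": severity, "reasons": reasons})
    return findings


def _rec(user, op, **params):
    """Build one constructed audit record (sample data, not from a real tenant)."""
    return json.dumps({"CreationTime": "2023-10-25T14:02:11", "UserId": user, "Operation": op,
                       "Parameters": [{"Name": k, "Value": v} for k, v in params.items()]})


SAMPLE_AUDIT_LINES = [
    # Attacker-style rule: one-character name, matches security mail, deletes it unread.
    _rec("alice@contoso.example", "New-InboxRule", Name=".",
         SubjectOrBodyContainsWords="security alert;password reset;unusual sign-in",
         DeleteMessage="True", MarkAsRead="True"),
    # Helpdesk mail quietly parked in RSS Feeds: hides mail but no security terms.
    _rec("carol@contoso.example", "Set-InboxRule", Name="Reading",
         FromAddressContainsWords="helpdesk@contoso.example", MoveToFolder="RSS Feeds"),
    # Ordinary filing rule: moves to a normal folder, not flagged.
    _rec("bob@contoso.example", "Set-InboxRule", Name="Newsletters",
         FromAddressContainsWords="news@vendor.example", MoveToFolder="Newsletters"),
    # Not a rule change at all.
    _rec("bob@contoso.example", "Set-Mailbox", AuditEnabled="True"),
]

if __name__ == "__main__":
    for f in find_suspicious_rules(SAMPLE_AUDIT_LINES):
        print(f["severity"].upper(), f["user"], repr(f["rule"]), "->", "; ".join(f["reasons"]))
```

Run against the samples, the scanner reports Alice's rule as high (it deletes mail matching "security alert", "password reset" and "unusual sign-in" and marks it read first) and Carol's as medium (mail diverted to RSS Feeds), while Bob's filing rule and the unrelated Set-Mailbox record are ignored. In a real tenant, feed it the AuditData column of a Search-UnifiedAuditLog export and raise min_severity to "high" if the medium tier is too noisy.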

The group's end goal is to steal cryptocurrency or sensitive data, or to extort money from the victim through ransomware. The full report is published on Microsoft's security blog.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.