Common Information
Type | Value |
---|---|
Value | Cinnamon Tempest - G1021 |
Category | Actor |
Type | Mitre-Intrusion-Set |
Misp Type | Cluster |
Description | [Cinnamon Tempest](https://attack.mitre.org/groups/G1021) is a China-based threat group that has been active since at least 2021 deploying multiple strains of ransomware based on the leaked [Babuk](https://attack.mitre.org/software/S0638) source code. [Cinnamon Tempest](https://attack.mitre.org/groups/G1021) does not operate their ransomware on an affiliate model or purchase access but appears to act independently in all stages of the attack lifecycle. Based on victimology, the short lifespan of each ransomware variant, and use of malware attributed to government-sponsored threat groups, [Cinnamon Tempest](https://attack.mitre.org/groups/G1021) may be motivated by intellectual property theft or cyberespionage rather than financial gain.(Citation: Microsoft Ransomware as a Service)(Citation: Microsoft Threat Actor Naming July 2023)(Citation: Trend Micro Cheerscrypt May 2022)(Citation: SecureWorks BRONZE STARLIGHT Ransomware Operations June 2022) |
Details | Published | Attributes | CTI | Title |
---|---|---|---|---|
Details | Website | 2024-11-14 | 72 | Weekly Intelligence Report - 15 Nov 2024 \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
Details | Website | 2024-11-07 | 4 | China-Aligned MirrorFace Hackers Target EU Diplomats with World Expo 2025 Bait |
Details | Website | 2024-10-02 | 6 | Chinese Threat Groups That Use Ransomware and Ransomware Groups That Use Chinese Names |
Details | Website | 2024-04-11 | 2 | JSAC2024 -Day 2- - JPCERT/CC Eyes |
Details | Website | 2024-01-19 | 1 | ThreeAM ransomware |
Details | Website | 2023-11-15 | 4 | Chinese Scammers Cloning Websites for Massive Gambling Scam in Asia-Pacific Region |
Details | Website | 2023-11-15 | 5 | Chinese Scammers Exploit Cloned Websites in Vast Gambling Network |
Details | Website | 2023-11-11 | 3 | Geopolitical Cybercrime: LockBit attack on the ICBC |
Details | Website | 2023-10-23 | 4 | 2023 Aug - Threat Trend Report on APT Groups - ASEC BLOG |
Details | Website | 2023-08-20 | 70 | Bluepurple Pulse: week ending August 20th |
Details | Website | 2023-08-19 | 0 | Chinese Hackers Use DLL Hijacking to Target Asian Gamblers - RedPacket Security |
Details | Website | 2023-05-16 | 3 | RA Group Ransomware Gang Attacks U.S. and South Korean Organizations |
Details | Website | 2023-05-15 | 0 | New Ransomware Gang RA Group Hits U.S. and South Korean Organizations |
Details | Website | 2023-03-21 | 4 | Researchers Reveal Insights into CatB Ransomware's Advanced Evasion Methods |
Details | Website | 2023-03-20 | 4 | Researchers Shed Light on CatB Ransomware's Evasion Techniques |
Details | Website | 2023-03-20 | 4 | Researchers Shed Light on CatB Ransomware's Evasion Techniques - RedPacket Security |
Details | Website | 2023-02-13 | 0 | Cybersecurity Firm Group-IB Repeatedly Targeted by Chinese APT |
Details | Website | 2023-01-16 | 1 | 4 Lessons Learned from Log4Shell - SOCRadar |
Details | Website | 2022-12-27 | 4 | 12 Months of Fighting Cybercrime & Defending Enterprises \| SentinelLabs 2022 Review |
Details | Website | 2022-11-15 | 1 | SOC Prime Threat Bounty — October 2022 Results - SOC Prime |
Details | Website | 2022-11-10 | 4 | Microsoft threat intelligence presented at CyberWarCon 2022 - Microsoft Security Blog |
Details | Website | 2022-10-05 | 2 | Cheerscrypt Spyware Attributed to Chinese APT Entity \| IT Security News |
Details | Website | 2022-10-05 | 5 | Cheerscrypt Ransomware Detection: China-Backed Hackers, Emperor Dragonfly aka Bronze Starlight, Are Behind Ongoing Cyber Attacks - SOC Prime |
Details | Website | 2022-10-04 | 2 | Linux Cheerscrypt ransomware is linked to Chinese DEV-0401 APT group \| IT Security News |
Details | Website | 2022-09-29 | 8 | Semiconductor Companies Targeted by Ransomware |