Threat actor · all actors
Cinnamon TempestG1021 state
🇨🇳 CN
aka Cinnamon Tempest, DEV-0401, Emperor Dragonfly, BRONZE STARLIGHT, SLIME34
Last updated: 2026-07-03
About this actor
[Cinnamon Tempest](https://attack.mitre.org/groups/G1021) is a China-based threat group that has been active since at least 2021 deploying multiple strains of ransomware based on the leaked [Babuk](https://attack.mitre.org/software/S0638) source code. [Cinnamon Tempest](https://attack.mitre.org/groups/G1021) does not operate their ransomware on an affiliate model or purchase access but appears to act independently in all stages of the attack lifecycle. Based on victimology, the short lifespan of each ransomware variant, and use of malware attributed to government-sponsored threat groups, [Cinnamon Tempest](https://attack.mitre.org/groups/G1021) may be motivated by intellectual property theft or cyberespionage rather than financial gain.(Citation: Microsoft Ransomware as a Service)(Citation: Microsoft Threat Actor Naming July 2023)(Citation: Trend Micro Cheerscrypt May 2022)(Citation: SecureWorks BRONZE STARLIGHT Ransomware Operations June 2022)
Source: MITRE ATT&CK
Activity timeline
- 2023 — 1 CVE published
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
CVE-2021-4428 | 8.0 | 2.7 | 0.6862 | 2023-07-18 | see CVE |
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
SI-4 | 19 / 26 | 73% |
AC-3 | 18 / 26 | 69% |
CM-6 | 17 / 26 | 65% |
AC-6 | 16 / 26 | 62% |
CM-2 | 16 / 26 | 62% |
AC-2 | 15 / 26 | 58% |
CM-7 | 14 / 26 | 54% |
SI-3 | 14 / 26 | 54% |
AC-5 | 13 / 26 | 50% |
CM-5 | 13 / 26 | 50% |
IA-2 | 12 / 26 | 46% |
CA-7 | 11 / 26 | 42% |
SI-10 | 11 / 26 | 42% |
SI-7 | 10 / 26 | 38% |
AC-4 | 9 / 26 | 35% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- Blue Mockingbird 0.27
- Aquatic Panda 0.25
- Play 0.24
- Operation MidnightEclipse 0.24
- SharePoint ToolShell Exploitation 0.23
Active in same years
- Akira 1.00
- MirrorFace 1.00
- Clop 1.00
Same nation-state
- Night Dragon 1.00
- FunnyDream 1.00
- Operation Wocao 1.00
- C0017 1.00
- Cutting Edge 1.00
Same category
- Night Dragon 1.00
- FunnyDream 1.00
- C0011 1.00
- Operation Wocao 1.00
- Operation Dream Job 1.00