Threat actor · all actors
AkiraG1024 unknown
aka Akira, GOLD SAHARA, PUNK SPIDER, Howling Scorpius
Last updated: 2026-07-03
About this actor
[Akira](https://attack.mitre.org/groups/G1024) is a ransomware variant and ransomware deployment entity active since at least March 2023.(Citation: Arctic Wolf Akira 2023) [Akira](https://attack.mitre.org/groups/G1024) uses compromised credentials to access single-factor external access mechanisms such as VPNs for initial access, then various publicly-available tools and techniques for lateral movement.(Citation: Arctic Wolf Akira 2023)(Citation: Secureworks GOLD SAHARA) [Akira](https://attack.mitre.org/groups/G1024) operations are associated with "double extortion" ransomware activity, where data is exfiltrated from victim environments prior to encryption, with threats to publish files if a ransom is not paid. Technical analysis of [Akira](https://attack.mitre.org/software/S1129) ransomware indicates variants capable of targeting Windows or VMWare ESXi hypervisors and multiple overlaps with [Conti](https://attack.mitre.org/software/S0575) ransomware.(Citation: BushidoToken Akira 2023)(Citation: CISA Akira Ransomware APR 2024)(Citation: Cisco Akira Ransomware OCT 2024)
Source: MITRE ATT&CK
Activity timeline
- 2023 — 1 CVE published
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
CVE-2023-20263 | 3.5 | 4.7 | 0.0048 | 2023-09-06 | see CVE |
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
SI-4 | 18 / 24 | 75% |
CM-2 | 17 / 24 | 71% |
AC-3 | 16 / 24 | 67% |
AC-6 | 15 / 24 | 62% |
CM-6 | 15 / 24 | 62% |
CM-7 | 13 / 24 | 54% |
AC-2 | 12 / 24 | 50% |
SI-3 | 12 / 24 | 50% |
SI-7 | 12 / 24 | 50% |
RA-5 | 11 / 24 | 46% |
AC-5 | 10 / 24 | 42% |
CA-7 | 10 / 24 | 42% |
IA-2 | 10 / 24 | 42% |
AC-17 | 9 / 24 | 38% |
CM-5 | 9 / 24 | 38% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- INC Ransom 0.26
- Play 0.23
- Indrik Spider 0.22
- C0018 0.22
- ToddyCat 0.22
Active in same years
- Cinnamon Tempest 1.00
- MirrorFace 1.00
- Clop 1.00