UNC3944 (aka Roasted 0ktapus, Octo Tempest) · APT Atlas
UNC3944
CRIME
US · United States
AKA: Roasted 0ktapus · Octo Tempest · Scatter Swine · Muddled Libra · Star Fraud
Microsoft: Storm-0875
CrowdStrike: Scattered Spider
Native-English-speaking eCrime collective known for social-engineering helpdesks.
Targets: 20
Sectors: 19
Threat types: 2
GIRs covered: 0/480
Active since: 2022
Victimology
Geographic footprint · 20 countries
origin · United States
targeted countries · 20
OCEANIA · 1: Australia
AMERICAS · 3: Brazil · Canada · United States
EUROPE · 9: Switzerland · Germany · Spain · Finland · France · United Kingdom · Italy · Luxembourg · Sweden
ASIA · 7: Israel · India · Japan · South Korea · Philippines · Singapore · Thailand
Sectors targeted · 19 of 40
Aerospace · 49 actors
Financial Services · 61 actors
Cryptocurrency · 17 actors
Healthcare · 38 actors
Pharmaceutical · 24 actors
Telecom · 57 actors
Retail & Hospitality · 25 actors
Energy / Utilities · 49 actors
Manufacturing (man) · 40 actors
Media & Journalism · 41 actors
Logistics · 18 actors
Real Estate · 7 actors
Hospitality · 26 actors
Transport & Logistics · 6 actors
Food and Beverage · 8 actors
Legal & Professional · 13 actors
Consulting / Professional Services · 26 actors
Industrials / Engineering · 23 actors
Consumer Goods / Electronics · 16 actors
Tactics, techniques, procedures
Threat types + MITRE ATT&CK mapping
THREAT TYPES
ext · Extortion
RAN · Ransomware
MITRE ATT&CK · 40 techniques
Reconnaissance · 1
T1598 Phishing for Information
Initial Access · 1
T1566 Phishing
Execution · 4
T1059 Command and Scripting Interpreter
Persistence · 3
T1098 Account Manipulation
T1136 Create Account
Privilege Escalation · 1
T1068 Exploitation for Privilege Escalation
Credential Access · 5
T1003.003 NTDS
T1552.001 Credentials In Files
Discovery · 6
T1016 System Network Configuration Discovery
Lateral Movement · 3
T1021.001 Remote Desktop Protocol
T1021.004 SSH
Collection · 3
T1074 Data Staged
Exfiltration · 2
T1041 Exfiltration Over C2 Channel
T1567.002 Exfiltration to Cloud Storage
Impact · 3
T1486 Data Encrypted for Impact
Command And Control · 3
T1090 Proxy
Defense Impairment · 2
T1578.002 Create Cloud Instance
T1685 Disable or Modify Tools
Stealth · 3
T1078 Valid Accounts
GIR coverage
0 / 480 requirements satisfied
No GIRs mapped yet for this actor.
Related actors
By origin and actor type
FIN2 · cybercrime · unattributed · 0 targets · since —
FIN3 · cybercrime · unattributed · 1 targets · since —
FIN6 · cybercrime · Russia · 15 targets · since 2014
FIN10 · cybercrime · unattributed · 1 targets · since 2013
FIN13 · cybercrime · unattributed · 4 targets · since 2013
UNC1543 · cybercrime · unattributed · 22 targets · since —
T1059.001 PowerShell
T1059.004 Unix Shell
T1204 User Execution
T1543.002 Systemd Service
T1552.004 Private Keys
T1555.005 Password Managers
T1621 Multi-Factor Authentication Request Generation
T1018 Remote System Discovery
T1083 File and Directory Discovery
T1087 Account Discovery
T1217 Browser Information Discovery
T1538 Cloud Service Dashboard
T1021.007 Cloud Services
T1114.003 Email Forwarding Rule
T1213.005 Messaging Applications
T1490 Inhibit System Recovery
T1657 Financial Theft
T1105 Ingress Tool Transfer
T1219.002 Remote Desktop Software
T1078.004 Cloud Accounts
T1684.001 Impersonation