APT Profile: Cinnamon Tempest

Aliases: Cinnamon Tempest, DEV-0401, Emperor Dragonfly, BRONZE STARLIGHT

Description

[Cinnamon Tempest](https://attack.mitre.org/groups/G1021) is a China-based threat group that has been active since at least 2021 deploying multiple strains of ransomware based on the leaked [Babuk](https://attack.mitre.org/software/S0638) source code. [Cinnamon Tempest](https://attack.mitre.org/groups/G1021) does not operate their ransomware on an affiliate model or purchase access but appears to act independently in all stages of the attack lifecycle. Based on victimology, the short lifespan of each ransomware variant, and use of malware attributed to government-sponsored threat groups, [Cinnamon Tempest](https://attack.mitre.org/groups/G1021) may be motivated by intellectual property theft or cyberespionage rather than financial gain.(Citation: Microsoft Ransomware as a Service)(Citation: Microsoft Threat Actor Naming July 2023)(Citation: Trend Micro Cheerscrypt May 2022)(Citation: SecureWorks BRONZE STARLIGHT Ransomware Operations June 2022)

Techniques Used (TTPs)

Total TTPs: 19

Malware & Tools

Malware: Cheerscrypt, Cobalt Strike, HUI Loader, Pandora, PlugX

Tools: Impacket, Rclone, Sliver

← Return to Home ← Back to APT Search