Introduction
Cinnamon Tempest is a China-based threat group that has been active since at least 2021 deploying multiple strains of ransomware based on the leaked Babuk source code. Cinnamon Tempest does not operate their ransomware on an affiliate model or purchase access but appears to act independently in all stages of the attack lifecycle. Based on victimology, the short lifespan of each ransomware variant, and use of malware attributed to government-sponsored threat groups, Cinnamon Tempest may be motivated by intellectual property theft or cyberespionage rather than financial gain. (Citations: Microsoft Ransomware as a Service; Microsoft Threat Actor Naming July 2023; Trend Micro Cheerscrypt May 2022; SecureWorks BRONZE STARLIGHT Ransomware Operations June 2022)
Activities and Tactics
Country of Origin: 🇨🇳 China
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
Information pending cataloguing.
Attribution and Evidence
Country of Origin: China
Additional attribution information pending cataloguing.
References
[1] MITRE ATT&CK MITRE ATT&CK entry
[2] Microsoft Ransomware as a Service
[3] Microsoft Threat Actor Naming July 2023
[4] Trend Micro Cheerscrypt May 2022
[5] SecureWorks BRONZE STARLIGHT Ransomware Operations June 2022