Nation State Actor Periwinkle Tempest
Periwinkle Tempest (formerly DEV-0193) is responsible for developing, distributing, and managing many different payloads, including Trickbot, Bazaloader, and AnchorDNS. In addition, Periwinkle Tempest managed the Ryuk ransomware-as-a-service program before its shutdown in June 2021, as well as Ryuk’s successor, Conti, and Diavol. Microsoft has been tracking the activities of Periwinkle Tempest since October 2020 and has observed their expansion from developing and distributing the Trickbot malware to becoming the most prolific ransomware-associated cybercriminal activity group active today. As other malware operations have shut down for various reasons, including legal actions, Periwinkle Tempest has hired developers from Emotet, Qakbot, and IcedID.

Also known as: Trickbot LLC

Industries targeted: Education, Healthcare

Microsoft Threat Intelligence: Recent Periwinkle Tempest Articles

Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself

HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks

Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability