Trace Id is missing

Financially Motivated Threat Actor Manatee Tempest

Blue hexagon pattern with O/O text.
Manatee Tempest (formerly DEV-0243) is a threat actor that is a part of the ransomware as a service (RaaS) economy, partnering with other threat actors to provide custom Cobalt Strike loaders. In Manatee Tempest’s initial partnerships with another threat actor, Mustard Tempest, the group deployed a custom ransomware payload known as WastedLocker, and then expanded to additional Manatee Tempest ransomware payloads developed in-house, such as PhoenixLocker and Macaw. Around November 2021, Manatee Tempest started to deploy the LockBit 2.0 RaaS payload in their intrusions. The use of a RaaS payload is likely an attempt to avoid attribution to their group, which could discourage payment due to their sanctioned status.

DETAILS

Also known as:

Microsoft Threat Intelligence: Recent Manatee Tempest Articles

Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself

Follow Microsoft Security