Ransomware Group

IceFire

Status: active • First seen 2022-03 • 50+ known victims

IceFire started on Windows but moved to attacking Linux servers. They use vulnerabilities in IBM file transfer software that media companies commonly use.

Overview

IceFire originally targeted Windows but pivoted to Linux servers, exploiting IBM Aspera Faspex vulnerabilities to compromise media and technology companies.

Target Industries

Technology, Media, Entertainment, Professional Services

How They Attack

  • Linux pivot
  • IBM Aspera exploitation
  • Double extortion
  • Media targeting

Notable Victims

Media companies (2023), Technology firms

How to Protect Against IceFire

  1. Patch IBM Aspera Faspex
  2. Harden Linux servers
  3. Implement media sector security

MITRE ATT&CK Techniques

T1190, T1486, T1567, T1059
