1. Home
  2. Software
  3. cipher.exe

cipher.exe

cipher.exe is a native Microsoft utility that manages encryption of directories and files on NTFS (New Technology File System) partitions by using the Encrypting File System (EFS).[1]

ID: S1205
Type: TOOL
Platforms: Windows
Version: 1.0
Created: 25 February 2025
Last Modified: 10 March 2025
Version Permalink
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1561 .001 Disk Wipe: Disk Content Wipe

cipher.exe can be used to overwrite deleted data in specified folders.[2]

Groups That Use This Software

ID Name References
G0007 APT28

[2]

Campaigns

ID Name Description
C0051 APT28 Nearest Neighbor Campaign

APT28 [2]
APT28 Nearest Neighbor Campaign [2]

References

  1. Microsoft Support. (n.d.). Cipher.exe Security Tool for the Encrypting File System. Retrieved February 25, 2025.
  1. Koessel, Sean. Adair, Steven. Lancaster, Tom. (2024, November 22). The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access. Retrieved February 25, 2025.