SYMBOL | COMMON_NAME | aka. SYNONYMS |
UNC2447 is a financially motivated threat actor with ties to multiple hacker groups. They have been observed deploying ransomware, including FiveHands and Hello Kitty, and engaging in double extortion tactics. They have been active since at least May 2020 and target organizations in Europe and North America.
There are currently no families associated with this actor.
2022-08-30
⋅
eSentire
⋅
Hacker Infrastructure Used in Cisco Breach Discovered Attacking a Top Workforce Management Corporation & an Affiliate of Russia’s Evil Corp Gang Suspected, Reports eSentire Cobalt Strike FiveHands UNC2447 |
2022-08-10
⋅
Cisco
⋅
Cisco Talos shares insights related to recent cyber attack on Cisco Yanluowang UNC2447 |
2021-05-03
⋅
Rewterz Information Security
⋅
Rewterz Threat Alert – Financially Motivated Aggressive Group Carrying Out Ransomware Campaigns – Active IOCs FiveHands SombRAT UNC2447 |