UNC2447 (Threat Actor)

SYMBOL	COMMON_NAME	aka. SYNONYMS

UNC2447 (Back to overview)

UNC2447 is a financially motivated threat actor with ties to multiple hacker groups. They have been observed deploying ransomware, including FiveHands and Hello Kitty, and engaging in double extortion tactics. They have been active since at least May 2020 and target organizations in Europe and North America.

Associated Families

There are currently no families associated with this actor.

References

2022-08-30 ⋅ eSentire ⋅ eSentire Threat Response Unit (TRU)
Hacker Infrastructure Used in Cisco Breach Discovered Attacking a Top Workforce Management Corporation & an Affiliate of Russia’s Evil Corp Gang Suspected, Reports eSentire
Cobalt Strike FiveHands UNC2447

2022-08-10 ⋅ Cisco ⋅ Nick Biasini
Cisco Talos shares insights related to recent cyber attack on Cisco
Yanluowang UNC2447

2021-05-03 ⋅ Rewterz Information Security ⋅ Rewterz Information Security
Rewterz Threat Alert – Financially Motivated Aggressive Group Carrying Out Ransomware Campaigns – Active IOCs
FiveHands SombRAT UNC2447

Credits: MISP Project