UNC2447  (Back to overview)

UNC2447 is a financially motivated threat actor with ties to multiple hacker groups. They have been observed deploying ransomware, including FiveHands and Hello Kitty, and engaging in double extortion tactics. They have been active since at least May 2020 and target organizations in Europe and North America.

Associated Families

There are currently no families associated with this actor.

2022-08-30eSentireeSentire Threat Response Unit (TRU)
Hacker Infrastructure Used in Cisco Breach Discovered Attacking a Top Workforce Management Corporation & an Affiliate of Russia’s Evil Corp Gang Suspected, Reports eSentire
Cobalt Strike FiveHands UNC2447
2022-08-10CiscoNick Biasini
Cisco Talos shares insights related to recent cyber attack on Cisco
Yanluowang UNC2447
2021-05-03Rewterz Information SecurityRewterz Information Security
Rewterz Threat Alert – Financially Motivated Aggressive Group Carrying Out Ransomware Campaigns – Active IOCs
FiveHands SombRAT UNC2447

Credits: MISP Project