According to FireEye’s Mandiant team, a sophisticated and aggressive cybercrime group exploited a zero-day vulnerability in SonicWall’s Secure Mobile Access (SMA) appliances earlier in 2021, before the vendor issued a patch.
The threat actor, codenamed UNC2447, is financially driven and has shown advanced capabilities in attacks against organizations in Europe and North America, capabilities that have allowed it to go undetected. The group has tampered with security software, firewall policies, and device security settings.
FireEye reports that the group has been using ransomware and malware such as FiveHands, Sombrat, the Warprism PowerShell dropper, FoxGrabber, and the Cobalt Strike beacon since November 2020. Its activity also shows affiliation with the RagnarLocker and HelloKitty ransomware.
To Read More: securityweek