Earlier this year, money-oriented cybercriminals leveraged a zero-day vulnerability that has been introduced by SonicWall in its Secure Mobile Access (SMA) 100 Series VPN appliances to install advanced ransomware studied as FiveHands, victims are reported to be North American and European networks.
The operation was traced by FireEye’s Mandiant cyber analysts as “UNC2447’’. Analysts unit has informed that the group took advantage of the CVE-2021-20016 SonicWall bug to breach networks and further install FiveHands ransomware payloads before the vendor released patches in late February 2021. Further, the report also reads that the threat actor poses advanced skills in exploiting networks.
Additionally, over the past half a year, a brand new cyber hacker group has been noticed to be exploiting a wide range of malware and creating pressure on ransomware victims into making payments.
Previously in similar contexts, FireEye reported that the cyber attackers have been deploying ransomware families and malware such as FiveHands (a variant of the DeathRansom ransomware), Sombrat, the Cobalt Strike beacon, the Warprism PowerShell dropper, and FoxGrabber, additionally the new ransomware's actions also demonstrated signs of RagnarLocker and HelloKitty ransomware affiliation.
“When affiliate-based ransomware is observed by Mandiant, uncategorized clusters are assigned based on the infrastructure used, and in the case of UNC2447 were based on the Sombrat and Cobalt Strike Beacon infrastructure used across 5 intrusions between November 2020 and February 2021,” FireEye reported.
The group deployed a critical SQL injection flaw in SonicWall SMA100 series devices, which will give remote access to attackers and further, access to login credentials, session information, and other vulnerable appliances.
The existence of the vulnerability was first observed in Januar ..
Support the originator by clicking the read the rest link below.