Tuesday, September 17, 2024
HomeRansomwareHackers Abuses SonicWall Zero-day to Deploy New Ransomware

Hackers Abuses SonicWall Zero-day to Deploy New Ransomware

Published on

The cybersecurity research team at FireEye has recently detected back to back three vulnerability in Sonicwall’s email security software.

In a regular analysis, the experts have again detected that a threat group, UNC2447, is financially very motivated is continuously exploiting SonicWall VPN zero-day (CVE-2021-20016) vulnerability.

According to the report from FireEye, this vulnerability is prior to a currently available patch and is continuously deploying the sophisticated ransomware.

- Advertisement - EHA

The experts, after detecting the ransomware they named it as FiveHands and pronounced that this is quite similar to the malware that is designated as HelloKitty.

Surreptitious HelloKitty

However, the attack in which the threat actors have implemented FiveHands was initially detected in October 2020. As we said above that FiveHands is very similar to the HelloKitty malware.

HelloKitty was discovered as it has attacked video game development studio CD Projekt Red, it has encrypted the game system. 

Once the encryption is done, the threat actors have stolen the source code for Cyberpunk 2077, Gwent, Witcher 3, and not only this, but they also attacked an unreleased version of Witcher 3.

The attack rate of HelloKitty decreased as the use of the FiveHands attack increased. Rather than similar feature and functionality, both of them were also linked by Mandiant.

The specialists came to know about the link after a month of observing the FiveHands ransomware Tor chat using a HelloKitty favicon.

UNC2447 affiliates also deployed “Ragnar Locker”

The threat actors keep an eye upon their victims through the FiveHands ransomware; after that, the hackers violently applied pressure upon the victims with media attention threats.

The threat actors also offer victim data for sale on hacker forums, and according to the cybersecurity researchers, the UNC2447 associates have observed many sources so that they can easily implement Ragnar Locker ransomware activity.

However, the similarities of HelloKitty and FiveHands, are quite visible, but ransomware may be utilized by different groups via underground affiliate programs. 

Unlike, HelloKitty, FiveHands has improved ad worked on its predecessors by utilizing a new, memory-only dropper. Later, the threat actors have applied encryption to a larger array of file types.

Moreover, the zero-day has again being exploited by some other group named UNC2682 to backdoor systems. But, still, this group has used BEHINDER web shells to move safely through the victims’ networks and quickly gain access to the emails and all other files.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity, and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

North Korean Hackers Attacking LinkedIn Users to Deliver RustDoor Malware

North Korean hackers have been identified as targeting LinkedIn users to deliver sophisticated malware...

Creating An AI Honeypot To Engage With Attackers Sophisticatedly

Honeypots, decoy systems, detect and analyze malicious activity by coming in various forms and...

Key Russian Hacker Group Attacking Users With .NET Built Ransomware

The Russian ransomware group Key Group, active since early 2023, is targeting organizations globally,...

Chinese Hackers Charged for Multi-Year Spear-Phishing Attacks

Song Wu, a Chinese national, has been indicted on charges of wire fraud and...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Key Russian Hacker Group Attacking Users With .NET Built Ransomware

The Russian ransomware group Key Group, active since early 2023, is targeting organizations globally,...

Medusa Ransomware Exploiting Fortinet Flaw For Sophisticated Ransomware Attacks

Medusa, a relatively new ransomware group, has gained notoriety for its dual-pronged online presence....

CosmicBeetle Exploiting Old Vulnerabilities To Attacks SMBs All Over The World

CosmicBeetle, a threat actor specializing in ransomware, has recently replaced its old ransomware, Scarab,...