UNC2447
MISP
Type:
Unknown
Unknown
Country:
Unknown
Unknown
First seen:
Unknown
Unknown
Details:
UNC2447 is a financially motivated threat actor with ties to multiple hacker groups. They have been observed deploying ransomware, including FiveHands and Hello Kitty, and engaging in double extortion tactics. They have been active since at least May 2020 and target organizations in Europe and North America.
References (4)
- esentire.com - Hacker Infrastructure Used In Cisco Breach Discovered Attacking A Top Workforce Management Corporation Russias Evil Corp Gang Suspected Reports Esentire
- blog.talosintelligence.com - Recent Cyber Attack
- internal-www.fireeye.com - Unc2447 Sombrat And Fivehands Ransomware Sophisticated Financial Threat
- rewterz.com - Rewterz Threat Alert Financially Motivated Aggressive Group Carrying Out Ransomware Campaigns Active Iocs
Metadata
| ID: | 550 |
| Created: | 13/01/2026 17:48 |
| Updated: | 02/05/2026 04:00 |