[threat-actors] Add UNC2659

This commit is contained in:
Mathieu Beligon 2023-12-06 17:42:33 -08:00
parent b72868b6cd
commit 69a94b6c1e

View file

@ -13651,6 +13651,16 @@
}, },
"uuid": "f1d90b54-4821-41ff-8e07-ac650e0454b7", "uuid": "f1d90b54-4821-41ff-8e07-ac650e0454b7",
"value": "UNC2717" "value": "UNC2717"
},
{
"description": "UNC2659 has been active since at least January 2021. We have observed the threat actor move through the whole attack lifecycle in under 10 days. UNC2659 is notable given their use of an exploit in the SonicWall SMA100 SSL VPN product, which has since been patched by SonicWall. The threat actor appeared to download several tools used for various phases of the attack lifecycle directly from those tools legitimate public websites.",
"meta": {
"refs": [
"http://internal-www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html"
]
},
"uuid": "697cb051-5315-4026-bf4c-553b49f817a9",
"value": "UNC2659"
} }
], ],
"version": 295 "version": 295