
UNC2247 Cyber Threat Intelligence Tracker


On May 24, 2022, Cisco became aware of a potential compromise carried out with an employee's compromised credentials, after an attacker gained control of a personal Google account through phishing. The victim's credentials were saved in the browser, and the attacker stole them from there. The attacker then conducted a series of sophisticated voice phishing attacks under the guise of various trusted organizations, attempting to convince the victim to accept multi-factor authentication (MFA) push notifications that the attacker had initiated. The attacker ultimately obtained an MFA push acceptance, which granted them access to the VPN as the targeted user.
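One way to detect the MFA pattern described above, added here as an example and not taken from Cisco's or Cyware's material: flag a push approval that follows several unapproved pushes for the same user within a short window. The log format, event names, and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample MFA log (timestamp, user, result, source IP); not real data.
# The line format and event names are assumptions, not a vendor's schema.
SAMPLE_LOG = """\
2022-05-24T09:00:05Z alice push_denied 203.0.113.7
2022-05-24T09:01:10Z alice push_timeout 203.0.113.7
2022-05-24T09:02:30Z bob push_approved 198.51.100.4
2022-05-24T09:03:15Z alice push_denied 203.0.113.7
2022-05-24T09:06:40Z alice push_approved 203.0.113.7
2022-05-24T11:00:00Z carol push_denied 192.0.2.9
2022-05-24T13:30:00Z carol push_approved 192.0.2.9
"""

def parse(line):
    ts, user, result, ip = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, result, ip

def find_suspicious_approvals(log_text, min_failed=3, window=timedelta(minutes=10)):
    """Return approvals preceded by >= min_failed unapproved pushes for the
    same user within `window`. Expects time-ordered input; thresholds are
    assumptions to tune per environment."""
    failed = defaultdict(deque)  # user -> timestamps of recent unapproved pushes
    alerts = []
    for line in log_text.strip().splitlines():
        ts, user, result, ip = parse(line)
        recent = failed[user]
        while recent and ts - recent[0] > window:
            recent.popleft()  # drop pushes that fell out of the window
        if result == "push_approved":
            if len(recent) >= min_failed:
                alerts.append({"user": user, "approved_at": ts.isoformat(),
                               "source_ip": ip, "prior_failed": len(recent)})
            recent.clear()  # an approval starts a fresh sequence
        else:
            recent.append(ts)  # denied or timed-out push
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_approvals(SAMPLE_LOG):
        print(alert)
```

An alert from this check is a prompt to contact the user out of band and review the VPN session that followed the approval.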

The attack was attributed to UNC2247, also known as the Yanluowang Ransomware Group, a financially motivated threat actor that has previously been seen conducting ransomware attacks and using double extortion, a technique in which data is extracted before it is encrypted.

Cyware has created a GitHub repository with actionable threat intelligence on the threat actor and the attack, collected from across the internet. The repository gives security teams a single, centralized point of access to threat intelligence on UNC2247.

Click here to visit Cyware's UNC 2247 cyber threat intelligence tracker.


Posted on: August 13, 2022
