Go to listing page

UNC2247 Cyber Threat Intelligence Tracker

UNC2247 Cyber Threat Intelligence Tracker

Share Blog Post

On May 24, 2022, Cisco became aware of a potential compromise, executed via compromised credentials of an employee, after an attacker gained control of a personal Google account through phishing. The victim’s credentials were saved in the browser from where the attacker stole them. The attacker conducted a series of sophisticated voice phishing attacks under the guise of various trusted organizations attempting to convince the victim to accept multi-factor authentication (MFA) push notifications initiated by the attacker. The attacker ultimately succeeded in achieving an MFA push acceptance, granting them access to the VPN of the targeted user.

The attack was attributed to UNC2247, also known as Yanluowang Ransomware Group, a financially motivated threat actor who has been previously seen conducting ransomware attacks and leveraging a technique called double extortion where data is extracted prior to data encryption.

Cyware has created a GitHub repository with actionable threat intelligence on the threat actor and the attack collected from across the internet. The repository has been created to provide a single window, and centralized access to security teams to threat intelligence on UNC 2247.

Click here to visit Cyware's UNC 2247 cyber threat intelligence tracker.

 Tags

unc 2247
yanluowang ransomware group

Posted on: August 13, 2022

Related Guides

Explained: The Role of AI in Cyber Threat Intelligence
What is a TAXII Server? How is it Different from a TAXII Client?
Everything You Need to Know About MITRE ATT&CK Framework
What is Cyber Threat Intelligence Sharing? And Why Should You Care?
Threat Intelligence Processing: The Key to Leveraging Unstructured Data
Walls Can Talk: An Introduction to Internal Cyber Threat Intelligence
Why is Correlation the Most Important Phase in Cyber Threat Intelligence Lifecycle?
What is Confidence Scoring in Threat Intelligence?
How to Choose the Best Threat Intelligence Platform for Your Security Team?
How to Build Your Own Cyber Information Sharing Community?
What is STIX 2.1? How is it Different From STIX 2.0?
What is STIX 2.x? How is it Different from STIX 1.x?
How Can You Tell if Your Cyber Threat Intelligence Program is Working Well?
What is Threat Intelligence Analysis?
What is Threat Intelligence Normalization?
What is Threat Intel Ingestion?
How Real-Time Cyber Threat Intelligence Sharing Enables Security Collaboration
The Benefits of Cross-Sectoral Threat Intelligence Sharing
What is a Connected Threat Intelligence Platform (TIP)?
How Useful is MITRE ATT&CK Framework in Threat Intelligence?
Significance of Threat Intelligence Platform (TIP) for Growing Teams
Combining SOAR and TIP for Intel-Driven SecOps
What is the Role of Threat Intelligence Platform (TIP) in a Security Operations Center (SOC)?
What is the Hub and Spoke Information Sharing Model?
The Concept of Pyramid of Pain
What are the Different Use Cases of a TIP?
Why Do MSSPs Need Automation?
What is the Diamond Model of Intrusion Analysis?
The Evolution of Threat Intelligence
Don’t Wait! Leverage Threat Intelligence
Why do Organizations Need to Leverage Actionable Threat Intelligence?
What is Technical Threat Intelligence?
What is Operational Threat Intelligence and Why is it Important?
What is Tactical Threat Intelligence and Why is it Important?
What is the Threat Intelligence Lifecycle?
Everything You Need to Know About a Threat Intelligence Platform (TIP)
5 Steps to Effective Cyber Threat Intelligence Program
Things to Consider When Choosing the Right Threat Intelligence Platform
Open Source or Commercial Threat Intelligence Platform - Which one is better?
What is Strategic Threat Intelligence Sharing and Why is it Important?
What is a Threat Intelligence Platform (TIP)?
Strategic vs. Tactical Threat Intelligence
Role of SOAR and TIP in Cyber Fusion
Information Sharing in Cyber Fusion
Role of Threat Intelligence in Cyber Fusion
What is Malware Information Sharing Platform (MISP)?
What is Signals Intelligence (SIGINT)?
What are Indicators of Compromise (IoCs)?
What is MITRE ATT&CK Framework?
What is Open Indicators of Compromise (OpenIOC) Framework?

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite

Explore Solutions

Capabilities

Resource Library

Use Cases