Cybersecurity and Infrastructure Security Agency issues more details on the threat posed by FiveHands. Attackers exploited a zero-day vulnerability in a VPN, FireEye’s SMA 100 Series appliance. The group has mainly targeted small and midsized businesses in telecommunications, healthcare, construction, engineering, food and education, real estate and other sectors. CISA offers no attribution of who is behind the attacks; FireEye named the malicious group involved UNC2447. The agency also offers a long list of recommendations to protect against Five Hands.”]
Source: https://www.cuinfosecurity.com/cisa-alert-describes-fivehands-ransomware-threat-a-16543