UNC2447 cybercrime gang exploited a zero-day in the Secure Mobile Access (SMA), addressed by SonicWall earlier this year, before the vendor released a fix. The group targeted organizations in Europe and North America using a broad range of malware over the past months. The malware employed by the group since November 2020, includes Sombrat, FiveHands, the Warprism PowerShell dropper, the Cobalt Strike beacon, and FoxGrabber. The level of sophistication of its operations allowed the financially motivated group to fly under the radar.”]
Source: https://securityaffairs.co/wordpress/117387/malware/unc2447-sonicwall-zero-day.html