HelloKitty is launching a DDoS attack by exploiting known vulnerabilities

THREAT LEVEL: Red.

The FBI has issued a warning to private businesses about a new tactic of the HelloKitty ransomware group (aka FiveHands). The HelloKitty/FiveHands actor (UNC2447) uses a double extortion strategy to put pressure on victims. If the victim fails to respond quickly or pay the ransom, the threat actors may launch a Distributed Denial of Service (DDoS) attack on the target company’s public website. HelloKitty gains initial access by exploiting known SonicWall flaws (CVE-2021-20016, CVE-2021-20021, CVE-2021-20022, CVE-2021-20023). Patches for these vulnerabilities are widely available.

Vulnerability Details

Actors Details

Indicators of Compromise (IoCs)

Patch Link

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0007

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0008

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0010

References

https://www.ic3.gov/Media/News/2021/211029.pdf

https://apt.thaicert.or.th/cgi-bin/showcard.cgi?g=UNC2447

https://securityaffairs.co/wordpress/124059/malware/hellokitty-ransomware-fbi-alert.html