CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

For a detailed advisory, download the pdf file here.
The FBI has issued a warning to private businesses about a new tactic of the HelloKitty ransomware group (aka FiveHands). The HelloKitty/FiveHands actor (UNC2447) employs a double extortion strategy to place additional pressure on victims. If the victim fails to respond quickly or pay the ransom, the threat actors may launch a Distributed Denial of Service (DDoS) attack on the target company's public website. HelloKitty gains initial access by exploiting known SonicWall flaws (CVE-2021-20016, CVE-2021-20021, CVE-2021-20022, CVE-2021-20023). Patches for these vulnerabilities are widely available.
<https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001>
<https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0007>
<https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0008>
<https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0010>
<https://www.ic3.gov/Media/News/2021/211029.pdf>
<https://apt.thaicert.or.th/cgi-bin/showcard.cgi?g=UNC2447>
<https://securityaffairs.co/wordpress/124059/malware/hellokitty-ransomware-fbi-alert.html>