
HelloKitty is launching a DDoS attack by exploiting known vulnerabilities

Threat Level – Red | Vulnerability Report

The FBI has issued a warning to private businesses about a new tactic of the HelloKitty ransomware group (aka FiveHands). The HelloKitty/FiveHands actor (UNC2447) uses a double extortion strategy to pressure victims. If the victim fails to respond quickly or pay the ransom, the threat actors may launch a Distributed Denial of Service (DDoS) attack on the target company's public website. HelloKitty gains initial access by exploiting known SonicWall flaws (CVE-2021-20016, CVE-2021-20021, CVE-2021-20022, CVE-2021-20023). Patches for these vulnerabilities are widely available.

Vulnerability Details

Actors Details

Indicators of Compromise (IoCs)

Patch Link

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0007

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0008

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0010

References

https://www.ic3.gov/Media/News/2021/211029.pdf

https://apt.thaicert.or.th/cgi-bin/showcard.cgi?g=UNC2447

https://securityaffairs.co/wordpress/124059/malware/hellokitty-ransomware-fbi-alert.html
