UNC2465 is a threat actor. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does UNC2465 exploit?

Specific CVE exploitation data for UNC2465 is being tracked. Check the Strobes VI threat actor profile for updates.

UNC2465

Exploited CVEs

Overview

UNC2465 is a threat actor known for deploying the SMOKEDHAM .NET backdoor and DARKSIDE ransomware, utilizing TTPs such as phishing, Trojanized software installers, and supply chain attacks. They have employed the NGROK utility to expose internal services and facilitate lateral movement within victim environments. UNC2465 has also leveraged tools like UltraVNC, Cobalt Strike BEACON, and conducted credential harvesting via LSASS memory dumping. Their operations have included extortion tactics through a leaks website over TOR, applying pressure on victims by releasing stolen data.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database