UNC2165

Threat Actor Profile Updated 3 months ago
UNC2165 is a financially motivated threat actor group that Mandiant research has linked to multiple LockBit ransomware intrusions. The group shares numerous overlaps with Evil Corp, a notorious cybercrime organization. UNC2165's activity has been tracked since the US sanctioned Evil Corp in 2019 for its development and use of Dridex malware.

The sanctions against Evil Corp have led associated groups like UNC2165 to change their tactics, and they continue to adapt their strategies to evade repercussions. UNC2165's strategy involves constantly changing the brand of ransomware it deploys. This tactic is believed to be a response to difficulties the group faced in receiving payments from victim organizations. By shifting its ransomware brand, UNC2165 can continue its illicit activities while avoiding detection or association with previously identified threats.

The activities of UNC2165 underscore the persistent and evolving nature of cyber threats and the adaptability of financially driven threat actors. To mitigate the risk posed by groups like UNC2165, organizations must stay updated on the latest threat intelligence, implement strong security controls, and foster a culture of cybersecurity awareness.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Evil Corp | 2 | Evil Corp, a threat actor group based in Russia, has been identified as a significant cybercrime entity responsible for the execution of malicious actions. The alleged leader of this group is Maksim Yakubets, who is notably associated with Dridex malware operations. The U.S. Treasury imposed sanctio
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Malware
Associated Malware
ID | Type | Votes | Profile Description
Lockbit | Unspecified | 1 | LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It can enter your system through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt
Dridex | Unspecified | 1 | Dridex is a well-known malware, specifically a banking Trojan, that has been utilized by cybercriminals to exploit and damage computer systems. The malware infiltrates systems through dubious downloads, emails, or websites, often unbeknownst to the user, and can steal personal information, disrupt o
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the UNC2165 Threat Actor was read from the documents corpus below.
Source | Created At | Title
CERT-EU | 7 months ago | One paid out, one did not • The Register | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
Recorded Future | a year ago | Semiconductor Companies Targeted by Ransomware | Recorded Future