Unc2165

Threat Actor updated 16 days ago (2024-10-02T11:00:53.957Z)
Download STIX
Preview STIX
UNC2165, a threat actor group with financial motivations, has been identified as the force behind multiple LockBit ransomware intrusions. This group shares several characteristics with another publically known group, Evil Corp. Research conducted by Mandiant reveals that UNC2165 has been shifting its operations to evade sanctions and ensure continuity of its malicious activities. The group's activities have raised significant concerns in the cybersecurity community due to their persistent and adaptive nature. This group has shown an alarming adaptability by frequently changing the brand of ransomware they deploy. According to statements made by Goody, this change in strategy is believed to be a response to difficulties the group encountered when attempting to receive payments from victim organizations. By continuously altering their ransomware brand, UNC2165 has managed to maintain its operations despite increasing scrutiny and attempts to thwart their activities. The connection between UNC2165 and Evil Corp became more evident when one cyber-crime crew tracked by Mandiant, which has ties to Evil Corp, started switching up the ransomware it deployed after the US sanctioned Evil Corp in 2019 over its development and use of Dridex malware. Further evidence linking UNC2165 to Evil Corp came when Ryzhenkov was associated with the alias mx1r and connected to UNC2165, suggesting an evolution of Evil Corp affiliated actors.
Description last updated: 2024-10-02T10:15:30.843Z
What's your take? (Question 1 of 1)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Evil Corp is a possible alias for Unc2165. Evil Corp, a threat actor based in Russia, has been identified as a significant cybersecurity threat due to its involvement in various malicious activities, including the deployment of Dridex malware. The group is led by Maksim Yakubets and has been sanctioned by the Treasury Department for its cybe
3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Unc2165 Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more