FiveHands has been around since January but was recently used in a successful attack against an unknown organization.
Attackers were targeting unpatched SonicWall Secure Mobile Access SMA 100 remote access products, for which patches were released in February. The publicly available tools the group users including the SoftPerfect Network Scanner for Discovery and Microsoft’s own remote administration program, PsExec.exe and its related ServeManager.exe.
Check It Out: CIDA Warns of New Ransomware ‘FiveHands’