CISA Publishes Analysis on New FiveHands Ransomware

Attackers used publicly available tools, FiveHands ransomware, and SombRAT to successfully target an organization, officials report.

Attackers used publicly available penetration testing and exploitation tools, the FiveHands ransomware, and the SombRAT remote access Trojan to steal information, obfuscate files, and demand ransom, officials report. They also used publicly available tools for network discovery and credential access.
The initial access vector in these attacks was a zero-day vulnerability in a virtual private network (VPN). In its recommendations to organizations, the CISA advises using multifactor authentication, particularly on all VPN connections, external-facing services, and privileged accounts. It also advises decommissioning unused VPN servers, which could be an entry point.
Analysis of the FiveHands ransomware is still ongoing; CISA plans to update its report as new information becomes available.
Read the full
Analysis Report
and
Malware Analysis Report
for more details.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
CISA Publishes Analysis on New FiveHands Ransomware