Menu
Browse

Cyber Threat Actor: UNC2447

Aliases: 2 aliases
Actor Type Location Known Incidents
 Icon
Criminal
0 incidents
Profile

UNC1566 and UNC2447 are threat actors observed selling unauthorized access to high-value US infrastructure via Russian-language hacker forums. Their confirmed activities center on financially motivated sales of compromised satellite and telecommunications systems. In June 2023, they advertised access to a Maxar Technologies military satellite for $15,000, claiming potential visibility into US military positioning and strategic operations. Concurrently, they offered AT&T corporate email account access for $7,000, explicitly noting the disabling of two-factor authentication (2FA) protections on those accounts. Both listings utilized Escrow services to facilitate transactions, suggesting an operational focus on establishing transactional credibility with buyers.

The actor’s targeting emphasizes US critical infrastructure sectors, specifically space technology (Maxar) and telecommunications (AT&T), with no referenced geographic limitations beyond the victims’ US bases. Their public posts lack technical details on initial access vectors or malware, though the AT&T offer implies prior compromise of authentication mechanisms. No state affiliations or criminal consortium ties are explicitly declared in forum interactions. The satellite and email access sales represent their most documented operations, reflecting a pattern of monetizing strategic network intrusions rather than conducting disruptive attacks or data theft. Historical context from the broader forum environment indicates recurring sales of US entity access—including past incidents involving US Marshals Service data and academic credentials—though direct links to UNC1566/UNC2447 campaigns beyond the Maxar and AT&T cases remain unspecified in available reporting.

Incidents
Attributed incidents available to members
0 incidents
Sources
Sources available to members
1 source