Hive undercover: a new group of ransomware looks suspiciously similar to the recently liquidated syndicate

Carding 4 Carders

Experts suspect that Hunters International hackers are just rebranding dangerous software.

A new character has appeared in the cybercrime arena: the hacker group Hunters International, which offers its ransomware as a service. A distinctive feature of these "hunters" is the use of source code that was once part of the arsenal of the well-known Hive group.

The first to notice the similarities between the two encryptors was a specialist known under the pseudonym rivitna. At the time, he assumed that he was dealing with an updated version of Hive rather than a separate threat.

His colleague, Will Thomas, also identified fragments specific to Hive in the Hunters International code. The analysis showed that the similarity with the outdated program reaches 60%.

The hackers themselves denied this information, saying that they purchased the code from the Hive developers: "We purchased all the source code, as well as their website and the original versions in Golang and C."

The original code contained many flaws that prevented decryption. According to the group, all of these shortcomings have already been eliminated. However, the main goal of Hunters International is not to encrypt data but to steal it. Like most ransomware operators, they use the stolen files to put pressure on the victim and demand a ransom.

The encryptor marks encrypted files with the ".LOCKED" extension. Each affected folder includes a "Contact Us.txt" text document with instructions on how to contact the intruders via a secret chat on the Tor network.

At present the leak site owned by Hunters International lists only one victim: a British school, from which the attackers stole more than 50 thousand files. So far the hackers have shown limited activity, so their future in the world of cybercrime remains in doubt.

Over 1,300 organizations around the world have been victims of sophisticated Hive attacks. The "revenue" from its extortion campaigns was about $100 million, and Hive software established itself as one of the most active threats.

However, the successful intervention of the FBI put an end to their criminal activities. The agents managed to infiltrate the group (most likely by recruiting one of the participants), gain the trust of hackers and find out the most important secrets. After six months of surveillance, in January of this year, the criminals were arrested, and their IT infrastructure was also dismantled.

The victims were provided with keys to decrypt the lost data. Compensation was awarded to both those who were victims before the operation and those who were attacked during monitoring.

It is not known whether Hive representatives actually sold the source code of their software or whether Hunters International independently created a similar tool based on well-known Hive techniques and strategies. So far, there is no evidence that Hunters International is not a product of "rebranding".
 
Top