The Hive ransomware operation was disrupted by the FBI earlier this year [1], but the threat remains. A new group called Hunters International has acquired the source code and infrastructure of the now-defunct Hive operation [2], raising concerns that the malware will continue to pose a danger.

Description

Analysis has revealed that Hunters International's ransomware has significant code overlaps with Hive, suggesting that the Hive operators transferred their assets to this new group. Bitdefender's analysis further shows that the ransomware used by Hunters International is written in Rust and has simpler code than earlier Hive versions. While Hive was known as one of the most dangerous ransomware groups [1], it remains to be seen whether Hunters International will be equally formidable [1] [2]. The group's primary focus appears to be data exfiltration rather than data encryption [1], and its attacks so far seem opportunistic rather than targeted [1]. The decision to sell the malware code may reflect the difficulty criminal groups face in recovering from a successful takedown [1]. The value of the code extends beyond its technical capabilities to include the trust and reputation the ransomware holds in the cybercriminal community [1].

Conclusion

The acquisition of the Hive ransomware code by Hunters International raises concerns about the ongoing threat posed by this malware. Although the group has simplified the code and shifted its focus to data exfiltration, it remains to be seen whether it will be as dangerous as its predecessor. To establish itself as a formidable force, the group will need to demonstrate competence and attract high-caliber affiliates [2]. The sale of the malware code highlights the challenges criminal groups face in recovering from takedowns [1]. The value of the code extends beyond its technical capabilities [1], encompassing the trust and reputation it holds within the cybercriminal community. Going forward, it is important to monitor the activities of Hunters International and implement effective mitigations against their attacks.

References

[1] https://www.darkreading.com/attacks-breaches/hunters-international-cyberattackers-hive-ransomware
[2] https://thehackernews.com/2023/11/new-ransomware-group-emerges-with-hives.html