The Hive ransomware group, known for hitting more than 1,300 companies and collecting more than 100 million dollars in ransoms, is active again after almost a year's break.
The cybercriminals' infrastructure was dismantled in January 2023 through a complex operation that involved the FBI and police forces of some European countries such as Germany and Holland.
Despite this, researchers at Bitdefender have identified a new group that appears to be closely linked to Hive. Known as Hunters International, it shows some connections with the previous cybercriminal collective.
The researchers noted that, after the dismantling by the police, Hive's resources were reportedly transferred to another group, called Hunters International. The connections between the two ransomware groups, however, do not end there.
By comparing the code used during the attacks, the security researcher Will Thomas identified a potential overlap of 60% between the groups. This is another fairly clear clue in the same direction.
Hunters International is a very close relative of Hive ransomware
On this point, however, the cybercriminals themselves wanted to have their say, stating that Hunters International is not a "rebranding" of the previous group. In fact, they define themselves as an independent entity, although they admit to having acquired part of its infrastructure.
Looking at the present and the future, the emerging collective is certainly no less fearsome than Hive. The group does not appear to focus on a particular territory, having already shown activity in countries such as the United States, Germany and Great Britain, sometimes also targeting hospital institutions, an unpleasant and sadly increasingly common modus operandi in our country too.
Hunters International offers Ransomware-as-a-Service (RaaS) with special tools written in Rust. Another distinctive sign of the group is the way in which it asks for ransoms: to pay, victims are asked to access a specific portal using keys provided in the ransom message.