The threat actors behind a new ransomware group known as Hunters International have acquired the source code and infrastructure from the now-dismantled Hive operation to kick-start its own efforts in the threat landscape.
“It appears that the leadership of the Hive group made the strategic decision to cease their operations and transfer their remaining assets to another group, Hunters International,” Martin Zugec, technical solutions director at Bitdefender, said in a report published last week.
Hive, once a prolific ransomware-as-a-service (RaaS) operation, was taken down as part of a coordinated law enforcement operation in January 2023.
While it is common for ransomware actors to regroup, rebrand, or disband their activities following such seizures, what can also happen is that the core developers pass on the source code and other infrastructure in their possession to another threat actor.
Reports about Hunters International as a possible Hive rebrand surfaced last month after several code similarities were identified between the two strains. It has since claimed five victims to date.
The threat actors behind it, however, have sought to dispel these speculations, stating that it purchased the Hive source code and website from its developers.
“The group appears to place a greater emphasis on data exfiltration,” Zugec said. “Notably, all reported victims had data exfiltrated, but not all of them had their data encrypted,” making Hunters International more of a data extortion group.
Bitdefender's analysis of the ransomware sample reveals its Rust-based foundations, a fact borne out by Hive's transition to the programming language in July 2022 for its increased resistance to reverse engineering.
“In general, as the new group adopts this ransomware code, it appears that they have aimed for simplification,” Zugec said.
“They have reduced the number of command line parameters, streamlined the encryption key storage process, and made the malware less verbose compared to earlier versions.”
The ransomware, besides incorporating an exclusion list of file extensions, file names, and directories to be omitted from encryption, runs commands to prevent data recovery as well as terminates a number of processes that could potentially interfere with the encryption process.
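The recovery-inhibition and process-termination behaviour described above is what a defender would hunt for in process-creation telemetry before encryption starts. The following is an added example, not code from the article or from Bitdefender's analysis: it scans a set of constructed process-creation events for the kinds of commands typically used for this purpose and escalates hosts where several such commands cluster. The specific command patterns (shadow-copy deletion, disabling Windows recovery, deleting the backup catalog, forced termination of backup or database processes) are assumptions drawn from generic ransomware tradecraft, since the article does not name the commands the sample runs.

```python
import re

# Constructed sample process-creation events (not from the article or any real incident).
SAMPLE_EVENTS = [
    {"host": "ws-01", "user": "alice", "cmd": r"C:\Windows\System32\vssadmin.exe delete shadows /all /quiet"},
    {"host": "ws-01", "user": "alice", "cmd": r"wmic shadowcopy delete"},
    {"host": "srv-02", "user": "backup_svc", "cmd": r"bcdedit /set {default} recoveryenabled no"},
    {"host": "srv-02", "user": "SYSTEM", "cmd": r"wbadmin delete catalog -quiet"},
    {"host": "ws-03", "user": "bob", "cmd": r"taskkill /F /IM sqlservr.exe"},
    {"host": "ws-03", "user": "bob", "cmd": r"notepad.exe C:\Users\bob\notes.txt"},
    {"host": "ws-04", "user": "carol", "cmd": r"vssadmin list shadows"},
]

# Commands commonly abused to inhibit recovery. These patterns are assumptions about generic
# ransomware tradecraft; the article only states that the sample "runs commands to prevent data recovery".
RECOVERY_INHIBIT_PATTERNS = {
    "shadow_copy_delete": re.compile(r"(vssadmin(\.exe)?\s+delete\s+shadows|wmic\s+shadowcopy\s+delete)", re.I),
    "recovery_disable": re.compile(r"bcdedit(\.exe)?\s+.*recoveryenabled\s+no", re.I),
    "backup_catalog_delete": re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
}

# Processes whose forced termination often precedes encryption (assumption: backup and database
# services that hold target files open). Matched against the image name given to taskkill /IM.
SENSITIVE_PROCESSES = {"sqlservr.exe", "veeam.exe", "msexchange"}
TASKKILL_RE = re.compile(r"taskkill(\.exe)?\s+.*?/IM\s+(\S+)", re.I)


def classify_event(event):
    """Return a list of (rule_name, severity) findings for one process-creation event."""
    findings = []
    cmd = event["cmd"]
    for name, pattern in RECOVERY_INHIBIT_PATTERNS.items():
        if pattern.search(cmd):
            findings.append((name, "high"))
    m = TASKKILL_RE.search(cmd)
    # Only a forced kill (/F) of a sensitive image is flagged; a plain taskkill is routine admin activity.
    if m and m.group(2).lower() in SENSITIVE_PROCESSES and "/f" in cmd.lower():
        findings.append(("forced_kill_sensitive_process", "medium"))
    return findings


def scan_events(events):
    """Run every event through classify_event; return the alerts and a per-host count of high-severity hits."""
    alerts = []
    high_by_host = {}
    for ev in events:
        for rule, sev in classify_event(ev):
            alerts.append({"host": ev["host"], "user": ev["user"], "rule": rule,
                           "severity": sev, "cmd": ev["cmd"]})
            if sev == "high":
                high_by_host[ev["host"]] = high_by_host.get(ev["host"], 0) + 1
    return alerts, high_by_host


def hosts_needing_isolation(high_by_host, threshold=2):
    """Hosts with two or more recovery-inhibition commands in the window are escalated.
    One admin-run bcdedit is noise; a cluster of them is the pre-encryption pattern."""
    return sorted(h for h, n in high_by_host.items() if n >= threshold)


if __name__ == "__main__":
    alerts, counts = scan_events(SAMPLE_EVENTS)
    for a in alerts:
        print(f"[{a['severity']}] {a['host']} {a['user']}: {a['rule']} <- {a['cmd']}")
    print("escalate:", hosts_needing_isolation(counts))
```

On the constructed events this yields five alerts and escalates ws-01 and srv-02, while the read-only `vssadmin list shadows` on ws-04 and the unforced notepad launch produce nothing; the threshold is the knob to tune against the false-positive rate of legitimate backup maintenance in a given environment.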
“While Hive has been one of the most dangerous ransomware groups, it remains to be seen if Hunters International will prove equally or even more formidable,” Zugec noted.
“This group emerges as a new threat actor starting with a mature toolkit and appears eager to show its capabilities, [but] faces the task of demonstrating its competence before it can attract high-caliber affiliates.”
Some parts of this article are sourced from:
thehackernews.com