Hive Ransomware

Threat Actor Profile Updated 24 days ago
Hive ransomware, a notorious threat actor, emerged as one of the most prolific groups in 2022, carrying out numerous ransomware attacks that caused significant disruption and damage across various sectors. In January 2023, a law enforcement-led operation disrupted the Hive ransomware operation and seized the Tor site used by Hive, a significant victory for cybersecurity agencies such as the U.S. Cybersecurity & Infrastructure Security Agency (CISA) and the FBI. Despite this successful takedown, only about 20% of Hive's victims reported their experiences to law enforcement, according to what the FBI learned by infiltrating the Hive infrastructure. This low reporting rate underscores how difficult it is for law enforcement to gain comprehensive insight into the extent and impact of such cybercrimes, and the FBI has emphasized that more victim reporting is needed to improve its understanding of these threats and its ability to counter them.

Following the dismantling of Hive, a group known as Hunters International emerged in late 2023 and is believed to be a rebranding of the former Hive group. This highlights the resilience and adaptability of such threat actors, even in the face of increased law enforcement pressure. Despite criticism, agencies like the FBI have continued to work closely with the private sector to combat these illicit operators, sharing decryption capabilities and disrupting criminal enterprises, as demonstrated in the case of Hive ransomware.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Hive | 10 | Hive is a malicious software, or malware, known for its disruptive capabilities and widespread damage. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data h |
| Hunters International | 4 | Hunters International, a threat actor group in the cybersecurity realm, has recently gained notoriety for its malicious activities. The group is believed to have taken over Hive Ransomware, a notorious malware used for cyberattacks, after Hive's takedown in 2023. Despite disputes from Hunters Intern |
| Wazawaka | 2 | Wazawaka, identified by the FBI as Mikhail Matveev, is a prominent threat actor in the cybercrime underworld with previous affiliations to LockBit ransomware groups. Throughout 2020 and 2021, he functioned as an affiliate for multiple ransomware organizations, including LockBit. In January 2022, Kre |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ransom
RaaS
Encryption
Malware
FBI
Antivirus
T1112
Linux
ESXi
Scam
Windows
Cybercrime
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Lockbit | Unspecified | 5 | LockBit is a malicious software, or malware, that has been significantly active in recent years. It is designed to infiltrate systems and cause significant damage by stealing sensitive information, disrupting operations, and holding data hostage for ransom. In 2023, security firm Rapid7 named LockBi |
| Nokoyawa | Unspecified | 2 | Nokoyawa is a notorious malware, particularly known for its ransomware capabilities. It has been associated with various other malicious software including Quantum, Royal, BlackBasta, Emotet, IcedID, CobaltStrike, SVCReady, CargoBay, Pushdo, Minodo, DiceLoader, AresLoader, LummaC2, Vidar, Gozi, Cany |
| Babuk | Unspecified | 2 | Babuk is a form of malware, specifically ransomware, that infiltrates systems often through suspicious downloads, emails, or websites. Once inside, it can cause severe disruptions, steal personal data, or even hold the system's data hostage for ransom. Various versions and variants of Babuk ransomwa |
| TrickBot | Unspecified | 2 | TrickBot is a notorious malware that has gained prominence due to its destructive capabilities. This malicious software, designed to exploit and damage computer systems, infiltrates devices through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, TrickBot c |
| QakBot | Unspecified | 2 | Qakbot, also known as QBot, is a type of malware that is designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold data |
Associated Threat Actors
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Alphv | Unspecified | 3 | AlphV, also known as BlackCat, is a significant threat actor within the cybercrime landscape. Throughout 2023, AlphV has been responsible for numerous high-profile ransomware attacks, stealing significant amounts of data from various organizations. The group claimed responsibility for hacking Clario |
| Mikhail Pavlovich Matveev | Unspecified | 3 | Mikhail Pavlovich Matveev, a Russian national also known by the online monikers Wazawaka, m1x, Boriselcin, and Uhodiransomwar, is identified as a significant threat actor in the cybersecurity landscape. He is one of five Russians charged over their involvement with Lockbit, a group regarded as the w |
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Hive Ransomware Threat Actor was read from the documents corpus below. This display is limited to 20 results.
| Source | Created At | Title |
| --- | --- | --- |
| InfoSecurity-magazine | 10 months ago | Ransomware Attacks Skyrocket in Q2 2023 |
| CERT-EU | a year ago | FBI detects, contains cyber attack on New York office: News reports \| IT World Canada News |
| CSO Online | a year ago | Why reporting an incident only makes the cybersecurity community stronger |
| CERT-EU | 9 months ago | FBI and European Partners Seize Major Malware Network |
| CERT-EU | 5 months ago | Cybersecurity Year in Review 2023: A zero-day nightmare \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting |
| BankInfoSecurity | a year ago | Will Hive Stay Kaput After FBI Busts Infrastructure? |
| CISA | a year ago | #StopRansomware: Hive Ransomware \| CISA |
| CERT-EU | 9 months ago | FBI and European partners seize major malware network in blow to global cybercrime |
| CERT-EU | a year ago | Industry Experts Analyze US National Cybersecurity Strategy |
| CERT-EU | 4 months ago | Stupid Human Tricks: Top 10 Cybercrime Cases of 2023 |
| CERT-EU | 6 months ago | Ransomware gang broken up in Ukraine as a result of international operation |
| CERT-EU | a year ago | Alvaria Confirms November 2022 Hive Ransomware Attack \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
| CERT-EU | a year ago | How one Ohio hospital decrypted LockBit ransomware \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
| CERT-EU | 5 months ago | The law enforcement operations targeting cybercrime in 2023 |
| CERT-EU | 5 months ago | DOJ Seizes Ransomware Site as BlackCat Threatens More Attacks |
| CERT-EU | a year ago | US Offers $10m Reward For Alleged Prolific Ransomware Actor |
| CERT-EU | 7 months ago | Hive Ransomware's Offspring : Hunters International Takes the Stage – Global Security Mag Online |
| CERT-EU | 6 months ago | ‘Hunters International’ Cyberattackers Take Over Hive Ransomware |
| CERT-EU | a year ago | Ex-Uber security chief sentenced to three years of probation for data-breach cover-up |
| CERT-EU | 10 months ago | Cybersecurity threatscape: Q1 2023 |