Hive Ransomware

Threat Actor updated a month ago (2024-10-15T10:02:48.932Z)
Hive ransomware, a prominent threat actor active in 2022, was known for widespread malicious activity in numerous countries, including the US. The group's modus operandi involved the use of SharpRhino, which, upon execution, established persistence and provided remote access to the attackers, enabling them to launch typical ransomware attacks. Despite the group's notoriety, only about 20% of Hive's victims reported their experiences to law enforcement, as the FBI discovered after infiltrating the group's infrastructure.

In a significant development, the Hive ransomware operation was shut down in January 2023 as part of a law enforcement-led operation. The disruption campaign involved infiltrating the group's networks, capturing decryption keys, and distributing them to victims worldwide. This intervention was nonetheless hampered by victims' underreporting of the crimes, which limited the insight that agencies such as the FBI could gain into the group's operations.

After the Hive ransomware operation was shut down, a new threat actor named Hunters International emerged and has been actively deploying Hive ransomware since October. Researchers from Quorum Cyber revealed this transition, though Hunters International denied being a rebranded Hive ransomware operation. Despite these denials, Hunters International has already targeted more than a dozen organizations globally, indicating the persistent threat posed by such cybercriminal groups.
Description last updated: 2024-10-15T09:20:15.109Z
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions are hard to track across vendors, so the following are possible overlapping names / profiles you may also want to look at.
Alias / Description / Votes
Hive is a possible alias for Hive Ransomware. Hive is a form of malware, specifically ransomware, designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Hive can steal personal information, disrupt operations, or hold data hostag [Votes: 10]
Hunters International is a possible alias for Hive Ransomware. Hunters International, an active threat actor group since October of the previous year, has been identified as a significant cybersecurity concern. The group has taken over and rebranded the Hive ransomware, despite their disputes about this association. This development followed the disbandment of [Votes: 4]
Wazawaka is a possible alias for Hive Ransomware. Wazawaka, identified by the FBI as Mikhail Matveev, is a significant threat actor in the cybercrime landscape. Known for his affiliations with multiple ransomware groups, including LockBit, throughout 2020 and 2021, he became a central figure in the Babuk ransomware-as-a-service gang. Matveev's oper [Votes: 2]
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ransom
RaaS
Encryption
Malware
Cybercrime
FBI
Windows
Antivirus
T1112
Linux
ESXi
Scam
Associated Malware
Alias / Description / Association Type / Votes
The Lockbit Malware is associated with Hive Ransomware. LockBit is a malicious software, or malware, known for its damaging and exploitative functions. It infiltrates systems via dubious downloads, emails, or websites, often without the user's knowledge, and can steal personal information, disrupt operations, or hold data hostage for ransom. The LockBit [Association type: Unspecified; Votes: 5]
The QakBot Malware is associated with Hive Ransomware. Qakbot is a malicious software (malware) designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user, with the potential to steal personal information, disrupt operations, or hold data for ransom. Built by d [Association type: Unspecified; Votes: 2]
The Nokoyawa Malware is associated with Hive Ransomware. Nokoyawa is a prominent malware, specifically ransomware, that has been linked to numerous cybercrime activities since it first emerged in 2022. It has been associated with various other malware families including Quantum, Royal, BlackBasta, and a variety of others such as Emotet, IcedID, CobaltStri [Association type: Unspecified; Votes: 2]
The Hunters Malware is associated with Hive Ransomware. Malware hunters, often referred to as bug hunters, play a critical role in cybersecurity by identifying and addressing vulnerabilities in software systems. In 2023, these professionals proved their worth at the Pwn2Own Toronto event where they identified 58 unique zero-day vulnerabilities, earning a [Association type: Unspecified; Votes: 2]
The Babuk Malware is associated with Hive Ransomware. Babuk is a form of malware, specifically ransomware, that infiltrates computer systems and encrypts files, rendering them inaccessible to the user. It typically infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operatio [Association type: Unspecified; Votes: 2]
The TrickBot Malware is associated with Hive Ransomware. TrickBot is a notorious malware developed by cybercriminals to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. This malicious software can steal personal information, disrupt operations, or even hold data hostage for ransom. Vladimir Dunaev, [Association type: Unspecified; Votes: 2]
Associated Threat Actors
Alias / Description / Association Type / Votes
The Mikhail Pavlovich Matveev Threat Actor is associated with Hive Ransomware. Mikhail Pavlovich Matveev, a Russian national also known by online monikers Wazawaka, m1x, Boriselcin, and Uhodiransomwar, has been identified as a major threat actor in the world of cybersecurity. Matveev is among five Russians charged in connection with Lockbit, a group widely recognized as one of [Association type: Unspecified; Votes: 3]
The Alphv Threat Actor is associated with Hive Ransomware. Alphv, also known as BlackCat, is a notable threat actor in the cybersecurity landscape. Originating from Russia, this cybercriminal group has been involved in multiple high-profile ransomware attacks, specifically targeting healthcare providers. They gained significant attention after stealing 5TB [Association type: Unspecified; Votes: 3]
Source Document References
Information about the Hive Ransomware Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source / Created
DARKReading, 3 months ago
CERT-EU, a year ago
CERT-EU, a year ago
DARKReading, 9 months ago
CERT-EU, 8 months ago
CERT-EU, 8 months ago
CERT-EU, 8 months ago
BankInfoSecurity, 8 months ago
CERT-EU, 8 months ago
CERT-EU, 8 months ago
CERT-EU, 9 months ago
CERT-EU, 9 months ago
CERT-EU, 9 months ago
CERT-EU, 9 months ago
CERT-EU, 9 months ago
BankInfoSecurity, 9 months ago
BankInfoSecurity, 9 months ago
Malwarebytes, 9 months ago
InfoSecurity-magazine, 9 months ago
Unit42, 10 months ago