Hunters

Malware updated 10 months ago (2024-11-29T14:45:20.861Z)

Download STIX

Preview STIX

Malware hunters, often referred to as bug hunters, play a critical role in cybersecurity by identifying and addressing vulnerabilities in software systems. In 2023, these professionals proved their worth at the Pwn2Own Toronto event where they identified 58 unique zero-day vulnerabilities, earning a total of $1,038,250 for their efforts. These specialists leverage a range of tools and technologies, including a framework designed to help them test software for potential flaws through a human-like workflow. This includes a code browser, debugger, reporter tool, and sandbox environment for running Python scripts and recording output. Artificial Intelligence (AI) is increasingly being integrated into the work of malware hunters to enhance threat identification and analysis. Google's team of zero-day hunters, for instance, have noted that AI can lead to improved automated threat identification and detect vulnerabilities that current tools may miss. Trend, a company at the forefront of AI innovation since 2005, has been empowering security operations center (SOC) analysts and threat hunters with technologies that streamline their operations and bolster risk response. Various malware types, including Hunters, have posed significant threats to digital security. Following the contested presidential elections in Venezuela on July 28th, 2024, hacktivist groups including Anonymous Venezuela and Cyber Hunters executed attacks against the Venezuelan government. Furthermore, SharpRhino, an attack tool used by Hunters International, aims to gain persistence and control over targeted systems to launch sophisticated ransomware attacks for financial gain. This group targets opportunistically, without prioritizing any specific sector or region.

Description last updated: 2024-11-05T22:01:59.279Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

Malware

Extortion

Exploit

Cybercrime

Ransom

Google

Vulnerability

Zero Day

Data Leak

Facebook

RaaS

Hacktivist

Linux

Sandbox

Salesforce

Tool

Phishing

Crowdstrike

Encryption

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Hive Malware is associated with Hunters. Hive is a form of malware, specifically ransomware, designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Hive can steal personal information, disrupt operations, or hold data hostag	Unspecified	4
The Crimson Malware is associated with Hunters. Crimson is a malware used in various cyber-espionage campaigns, most notably in Operation Crimson Palace. This operation has been active since March 2023, with heightened activity observed in 2024. It is a concerted effort by three Chinese Advanced Persistent Threat (APT) groups targeting Southeast	Unspecified	2

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Lapsus Threat Actor is associated with Hunters. Lapsus is a significant threat actor that has been active since its inception in early 2022. The group gained notoriety for its cyberattacks, including a high-profile breach of Nvidia, an American multinational technology company, in the same year. This attack led to the leak of thousands of passwor	Unspecified	6
The Hunters International Threat Actor is associated with Hunters. Hunters International, an active threat actor group since October of the previous year, has been identified as a significant cybersecurity concern. The group has taken over and rebranded the Hive ransomware, despite their disputes about this association. This development followed the disbandment of	Unspecified	4
The Hive Ransomware Threat Actor is associated with Hunters. Hive ransomware, a prominent threat actor active in 2022, was known for its widespread malicious activities in numerous countries, including the US. The group's modus operandi involved the use of SharpRhino, which upon execution, established persistence and provided remote access to the attackers, e	Unspecified	3
The Shinyhunters Threat Actor is associated with Hunters. ShinyHunters, a notorious threat actor group, has been involved in several significant data breaches, posing a serious cybersecurity concern for businesses worldwide. The group is known for its malicious activities targeting corporate entities, with the intent of stealing proprietary information. Be	Unspecified	3
The Scattered Spider Threat Actor is associated with Hunters. Scattered Spider, also known as Octo Tempest, 0ktapus, and UNC3944, is a notorious threat actor group involved in major data extortion campaigns. This cybercriminal group has been associated with high-profile attacks on organizations like Caesars Entertainment and MGM, often in collaboration with th	Unspecified	3

Source Document References

Information about the Hunters Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Checkpoint	a day ago	13th October – Threat Intelligence Report - Check Point Research
InfoSecurity-magazine	a day ago	FBI and French Police Shutter BreachForums Domain Again
Unit42	4 days ago	The Golden Scale: Bling Libra and the Evolving Extortion Economy
InfoSecurity-magazine	4 days ago	Google Launches AI Bug Bounty with $30,000 Top Reward
Trend Micro	5 days ago	RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning Exploits
InfoSecurity-magazine	6 days ago	Met Police Arrest Two Teens in Connection with Kido Attack
Krebs on Security	7 days ago	ShinyHunters Wage Broad Corporate Extortion Spree
InfoSecurity-magazine	7 days ago	NCSC: Patch Critical Oracle EBS Bug Now
Checkpoint	8 days ago	6th October – Threat Intelligence Report - Check Point Research
InfoSecurity-magazine	18 days ago	JLR Begins Phased Restart of Operations After Cyber-Attack
InfoSecurity-magazine	21 days ago	Car Giant Stellantis Confims Third-Party Breach
InfoSecurity-magazine	22 days ago	Organizations Must Update Defenses to Scattered Spider Tactics, Expert
Checkpoint	22 days ago	22nd September – Threat Intelligence Report - Check Point Research
Securityaffairs	a month ago	Jaguar Land Rover will extend its production halt into a third week following a cyberattack
CrowdStrike	a month ago	Threat AI: The Industry's First Agentic Threat Intel System
Securityaffairs	a month ago	Cybercrime group accessed Google Law Enforcement Request System (LERS)
InfoSecurity-magazine	a month ago	JLR Extends Production Halt After Cyber-Attack
Securityaffairs	a month ago	Hackers steal millions of Gucci, Balenciaga, and Alexander McQueen customer records
Securityaffairs	a month ago	Jaguar Land Rover discloses a data breach after recent cyberattack
Unit42	a month ago	Data Is the New Diamond: Latest Moves by Hackers and Defenders