Hunters International

Threat Actor Profile (updated 13 days ago)
Hunters International is a ransomware threat actor group that has recently gained notoriety for its malicious activities. The group is believed to have taken over Hive ransomware, a notorious malware used in cyberattacks, after Hive's takedown in 2023. Hunters International disputes that it is a rebranded Hive group, but the evidence suggests otherwise: for instance, the names of victims who had paid Hive for data deletion later appeared on Hunters International's leak site, indicating a connection between the two entities. Hunters International has also claimed responsibility for an attack in which it demanded a $10M ransom for approximately 1.7 million stolen files, further establishing the group as a significant threat.

The group's activities extend beyond conventional ransomware attacks, with emerging evidence of "hostage trading" of data between groups. Coveware cited an example in which data from Hive victims appeared on Hunters International's leak site, suggesting a cooperative, or at least opportunistic, relationship among these threat actors. This interplay between groups adds another layer of complexity to an already intricate threat landscape.

Looking ahead to 2024, reports predict that Hunters International will remain a persistent threat alongside other emerging groups such as Cactus, Rhysida, 8base, Akira and the recently surfaced Werewolves group. These groups reflect the evolving nature of ransomware threats and demand increased vigilance from security professionals. In particular, the reuse of another strain's source code in operations, as Hunters International did with the Hive source code, points to a trend towards more sophisticated and potentially more damaging attacks.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.

ID | Votes | Profile Description
Hive | 5 | Hive, a form of malware, has been causing significant disruptions in the cybersecurity world. The malicious software infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. Notably, Volt Typhoon has exfilt
Hive Ransomware | 4 | Hive ransomware, a notorious threat actor, emerged as one of the most prolific groups in 2022, executing a series of cyberattacks with malicious intent. This group was responsible for numerous ransomware attacks, causing significant disruptions and damage across various sectors. However, in January
Blackmatter | 2 | BlackMatter, a threat actor known for its malicious activities in the cybersecurity landscape, emerged as a variant of the notorious "DarkSide" ransomware. In May 2021, after launching an attack on Colonial Pipeline, the group rebranded itself from DarkSide to BlackMatter. However, due to increased
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Malware
Ransom
Associated Malware
ID | Type | Votes | Profile Description
Conti | Unspecified | 2 | Conti is a malware program known for its disruptive capabilities, including stealing personal information and holding data hostage for ransom. It gained notoriety as part of the arsenal of ITG23, a cybercrime group that used it in conjunction with other malicious software like Trickbot, BazarLoader,
Lockbit | Unspecified | 2 | LockBit is a malicious software (malware) that has been implicated in several high-profile cyber attacks. It infiltrates systems through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or hold data hostage for ransom. Recently, the L
Associated Threat Actors
ID | Type | Votes | Profile Description
Bl00dy | Unspecified | 2 | Bl00dy is a malicious threat actor known for its involvement in various cyber-attacks, often operating alongside other threat groups like Black Basta. This group has been linked to the exploitation of recent vulnerabilities in ConnectWise ScreenConnect, a widely used remote management and monitoring
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Hunters International threat actor was read from the document corpus below. This display is limited to 20 results.

Source | Created At | Title
BankInfoSecurity | a month ago | Ransomware Victims Who Pay a Ransom Drops to Record Low
Checkpoint | 5 months ago | 18th December – Threat Intelligence Report - Check Point Research
CERT-EU | 3 months ago | Critical infrastructure software maker confirms ransomware attack
CERT-EU | 5 months ago | The law enforcement operations targeting cybercrime in 2023
CERT-EU | 6 months ago | Hive Ransomware's Offspring : Hunters International Takes the Stage – Global Security Mag Online
DARKReading | 4 months ago | Zeppelin Ransomware Source Code & Builder Sells for $500 on Dark Web
CERT-EU | 6 months ago | ‘Hunters International’ Cyberattackers Take Over Hive Ransomware
CERT-EU | 7 months ago | US plastic surgeon clinic data exposed by Hunters International
CERT-EU | 6 months ago | Google Workspace Vulnerabilities Lead to Network-Wide Breaches
CERT-EU | 7 months ago | The Week in Ransomware - October 20th 2023 - Fighting Back
CERT-EU | 2 months ago | EquiLend Employee Data Breached After January Ransomware Attack | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU | 7 months ago | Seiko Group says BlackCat stole 60K personal data records
DARKReading | 5 months ago | Austal USA Investigates Cyberattack Claimed by Ransomware Group
CERT-EU | 4 months ago | Hunters International Ransomware Adds Four New Victims | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU | 4 months ago | Zeppelin Ransomware Source Code & Builder Sells for $500 on Dark Web | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU | 7 months ago | Cybercrims leak patient pics in low blow bid to win ransom
InfoSecurity-magazine | 17 days ago | Ransomware Rising Despite Takedowns, Says Corvus Report
CERT-EU | 5 months ago | Increased health cybersecurity funding, penalties sought by HHS
CERT-EU | 5 months ago | Integris Health patients get extortion emails after cyberattack