Hunters International

Threat Actor Profile Updated 3 months ago
Hunters International is a threat actor group that has recently gained notoriety for its malicious activities. The group is believed to have taken over the Hive ransomware operation after Hive's takedown in 2023. Hunters International disputes being a rebranded Hive group, but the evidence suggests otherwise: the names of victims who had paid Hive for data deletion later appeared on the Hunters International leak site, indicating a connection between the two entities. Hunters International has also claimed responsibility for an attack involving a ransom demand of $10M for approximately 1.7 million stolen files, further establishing it as a significant threat.

The group's activities extend beyond traditional ransomware attacks. There is emerging evidence of "hostage trading" of data between groups: Coveware cited an example in which data from Hive victims appeared on Hunters International's leak site, suggesting a cooperative, or at least opportunistic, relationship among these threat actors. This interplay between groups adds another layer of complexity to an already intricate threat landscape.

Looking ahead to 2024, reports predict that Hunters International will remain a persistent threat alongside other emerging groups such as Cactus, Rhysida, 8base, Akira, and the recently surfaced Werewolves group. These groups illustrate the evolving nature of ransomware threats and demand increased vigilance from cybersecurity professionals. In particular, the reuse of another strain's source code in new operations, as Hunters International did with the Hive source code, indicates a trend towards more sophisticated and potentially more damaging attacks.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID (votes): Profile description
Hive (5 votes): Hive is a malicious software, or malware, that infiltrates systems to exploit and damage them. This malware has been associated with Volt Typhoon, who exfiltrated NTDS.dit and SYSTEM registry hive to crack passwords offline. The Hive operation was primarily involved in port scanning, credential thef
Hive Ransomware (4 votes): Hive ransomware, a notorious threat actor, emerged as one of the most prolific groups in 2022, executing a series of cyberattacks with malicious intent. This group was responsible for numerous ransomware attacks, causing significant disruptions and damage across various sectors. However, in January
Blackmatter (2 votes): BlackMatter is a recognized threat actor in the cybersecurity industry, notorious for its malicious activities and the execution of ransomware attacks. The group initially operated as DarkSide, responsible for the high-profile Colonial Pipeline attack in May 2021, which led to significant attention
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Malware
Source
Ransom
Bitdefender
Health
RaaS
Extortion
Encryption
Payload
Data Leak
Associated Malware
ID (type, votes): Profile description
Conti (Unspecified, 2 votes): Conti is a type of malware, specifically ransomware, known for its ability to disrupt operations, steal personal information, and hold data hostage for ransom. The malicious software infiltrates systems via suspicious downloads, emails, or websites, often unbeknownst to the user. It has been used in
Lockbit (Unspecified, 2 votes): LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It can enter your system through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt
Hunters (Unspecified, 2 votes): The malware group known as Hunters International has been involved in a series of high-profile cyberattacks, targeting organizations such as AT&T and the Crystal Lake Health Center. In April, an individual named Binns hacked AT&T, leading to a ransom payment by the company to another hacking group,
Cactus (Unspecified, 1 vote): Cactus is a type of malware, specifically ransomware, that has been implicated in several high-profile cyber-attacks. This malicious software infiltrates systems through deceptive methods such as suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Cactus c
Werewolves (Unspecified, 1 vote): The Werewolves ransomware group has recently emerged as a significant threat in the cybercrime landscape. The group, known for its unusual targeting of Russian entities, employs a variant of the LockBit3 ransomware in its attacks. Since its inception, Werewolves has targeted 26 victims across variou
NoEscape (Unspecified, 1 vote): NoEscape is a malicious software that emerged as a rebrand of 'Avaddon,' known for its successful multi-extortion tactics. In October 2023, the French basketball team ASVEL fell victim to a data breach orchestrated by the NoEscape ransomware gang. This incident was part of a broader trend in the las
Akira (Unspecified, 1 vote): Akira is a malicious software, or malware, specifically a type of ransomware known for its disruptive and damaging effects. First surfacing in late 2023, it has continued to wreak havoc on various entities, including corporations and industries. This ransomware infects systems through suspicious dow
Royal Ransomware (Unspecified, 1 vote): Royal Ransomware is a type of malware that has been causing significant disruptions in various sectors, particularly in the United States. Originating from the now-defunct Conti ransomware operation, Royal Ransomware was notorious for its multi-threaded encryption and ability to kill processes withi
Avaddon (Unspecified, 1 vote): Avaddon is a type of malware, specifically ransomware, designed to exploit and damage computer systems. It was notable for its compatibility with older systems such as Windows XP and Windows 2003, distinguishing it from other ransomware like Darkside and Babuk which targeted more modern systems like
Associated Threat Actors
ID (type, votes): Profile description
Bl00dy (Unspecified, 2 votes): Bl00dy is a threat actor known for its malicious activities in the cyber world. The group, along with another threat actor called Black Basta, have recently been identified as exploiting bugs in ConnectWise ScreenConnect, a popular remote management tool. This exploitation has led to a significant i
Rhysida (Unspecified, 1 vote): Rhysida, a threat actor known for executing malicious cyber activities, has been responsible for numerous ransomware attacks. The group has primarily targeted businesses and healthcare organizations, with notable instances including a disruptive attack on Ann & Robert H. Lurie Children's Hospital of
Bianlian (Unspecified, 1 vote): BianLian is a threat actor that has been increasingly active in cybercrimes. The group is known for its malicious activities, including the execution of actions with harmful intent. In a series of recent events, BianLian has exploited vulnerabilities in JetBrains TeamCity, a continuous integration a
DarkSide (Unspecified, 1 vote): DarkSide is a notable threat actor that emerged in the cybersecurity landscape with its advanced ransomware operations. In 2021, the group gained significant attention for its attack on the United States' largest oil pipeline, Colonial Pipeline, causing a temporary halt to all operations for three d
Alphv (Unspecified, 1 vote): AlphV, also known as BlackCat, is a notable threat actor in the cybersecurity landscape. This group has been involved in numerous high-profile attacks, including stealing 5TB of data from Morrison Community Hospital and compromising Clarion, a global manufacturer of audio and video equipment for car
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Hunters International threat actor was read from the document corpus below. This display is limited to 20 results.
Source (created): Title
InfoSecurity-magazine (3 months ago): Ransomware Rising Despite Takedowns, Says Corvus Report
BankInfoSecurity (3 months ago): Ransomware Victims Who Pay a Ransom Drops to Record Low
Checkpoint (3 months ago): 15th April – Threat Intelligence Report - Check Point Research
CERT-EU (4 months ago): EquiLend Employee Data Breached After January Ransomware Attack | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU (5 months ago): Blackfog February State of Ransomware Report – Global Security Mag Online
CERT-EU (5 months ago): Critical infrastructure software maker confirms ransomware attack
Unit42 (6 months ago): Ransomware Retrospective 2024: Unit 42 Leak Site Analysis
CERT-EU (6 months ago): Ransomware Activity Surged in 2023, Likely to Evolve in 2024 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU (6 months ago): A look back to plan ahead | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU (7 months ago): Zeppelin Ransomware Source Code & Builder Sells for $500 on Dark Web | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
DARKReading (7 months ago): Zeppelin Ransomware Source Code & Builder Sells for $500 on Dark Web
CERT-EU (7 months ago): Hunters International Ransomware Adds Four New Victims | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU (7 months ago): The law enforcement operations targeting cybercrime in 2023
CERT-EU (7 months ago): Integris Health patients get extortion emails after cyberattack
CERT-EU (7 months ago): Integris Health patients get extortion emails after cyberattack
Checkpoint (7 months ago): 18th December – Threat Intelligence Report - Check Point Research
Checkpoint (8 months ago): 11th December – Threat Intelligence Report - Check Point Research
CERT-EU (8 months ago): Austal USA Confirms Cybersecurity Breach – FBI and NCIS Investigate | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU (8 months ago): Data extortion, network infrastructure attacks on the rise
CERT-EU (8 months ago): Increased health cybersecurity funding, penalties sought by HHS