New Ransomware Group Emerges with Hive’s Source Code and Infrastructure

14-11-2023

The threat actors behind a new ransomware group called Hunters International have acquired the source code and infrastructure from the now-dismantled Hive operation to kick-start their own efforts in the threat landscape.

“It appears that the leadership of the Hive group made the strategic decision to cease their operations and transfer their remaining assets to another group, Hunters International,” Martin Zugec, technical solutions director at Bitdefender, said in a report published last week.

Reports about Hunters International as a possible Hive rebrand surfaced last month after several code similarities were identified between the two strains. The group has claimed five victims to date.

The threat actors behind it, however, have sought to dispel this speculation, stating that they purchased the Hive source code and website from its developers.

Bitdefender’s analysis of the ransomware sample reveals its Rust-based foundations, a fact borne out by Hive’s transition to the programming language in July 2022 for its increased resistance to reverse engineering.

The ransomware, besides incorporating an exclusion list of file extensions, file names, and directories to be omitted from encryption, runs commands to prevent data recovery and terminates a number of processes that could potentially interfere with the encryption process.

“While Hive has been one of the most dangerous ransomware groups, it remains to be seen if Hunters International will prove equally or even more formidable,” Zugec noted.

“This group emerges as a new threat actor starting with a mature toolkit and appears eager to show its capabilities, [but] faces the task of demonstrating its competence before it can attract high-caliber affiliates.”

Source: https://thehackernews.com/