
New RaaS Player Hunters International Inherits Hive’s Operation

A new ransomware player, called Hunters International, has recently been discovered. What makes this group distinct is its origin story – it has inherited the source code and infrastructure from the dismantled Hive ransomware operation, a ransomware-as-a-service (RaaS) entity that law enforcement agencies successfully brought down earlier this year.


According to Bitdefender’s Technical Solutions Director, Martin Zugec, the Hive group’s leadership made a strategic choice to cease its operations and transfer its remaining assets to a new entity, now known as Hunters International. Such transitions, involving the transfer of source code and infrastructure, are not uncommon in the evolving landscape of cyber threats, as threat actors adapt and reorganize in response to increased legal pressure.

The Connection between Hunters International and Hive

Speculation regarding the relationship between Hunters International and the former Hive operation arose due to observed code similarities. However, the actors behind Hunters International have countered these claims, asserting that they acquired the Hive source code and website from the original developers, dispelling notions of a mere rebrand.

A Tactical Shift

What distinguishes Hunters International is its apparent pivot towards emphasizing data exfiltration over exclusive reliance on encryption for extortion. Bitdefender’s analysis uncovered the ransomware’s Rust-based foundations, a characteristic inherited from Hive’s shift to this programming language in July 2022 to enhance resistance to reverse engineering.




Adapting the Toolkit

As Hunters International incorporates the ransomware code, noticeable simplifications and streamlining are apparent. This includes a reduction in command line parameters, a more efficient encryption key storage process, and a generally less verbose operation compared to its predecessor. Notably, the ransomware features an exclusion list, allowing specific file extensions, names, and directories to be exempt from encryption.

Arsenal in Action

Beyond encryption, the ransomware executes commands to hinder data recovery efforts and terminates processes that might interfere with its malicious activities. While Hive gained notoriety as one of the most formidable ransomware groups, the cybersecurity community now watches closely to assess whether Hunters International will prove equally menacing or potentially more so.

Conclusion
As Hunters International steps into the spotlight armed with a mature toolkit inherited from Hive, cybersecurity experts await the potential ramifications. With a pronounced focus on data exfiltration and a strategic evolution in tactics, this new threat actor faces the challenge of showcasing its capabilities and attracting high-caliber affiliates.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
