Ransomware Group
Hunters International
Also known as: Hunters International Ransomware
Status: active • First seen 2023-10 • 150+ known victims
Hunters International claims to be a brand new group, but security researchers found they're actually using code from Hive, a ransomware gang the FBI took down in 2023. They're essentially Hive 2.0 with a new name. They're big on stealing data and threatening to leak it - the encryption is almost secondary to the extortion.
Overview
Hunters International emerged in late 2023 using code derived from the defunct Hive ransomware operation. Despite claims of being a new group, code analysis shows significant overlap with Hive. They focus heavily on data exfiltration and threaten to publish stolen data on their leak site.
Target Industries
Healthcare, Education, Government, Manufacturing, Energy, Financial Services
How They Attack
- Exploiting known vulnerabilities
- Purchasing initial access from brokers
- Phishing campaigns
- Using Hive-derived ransomware
- Aggressive data exfiltration before encryption
Notable Victims
Fred Hutchinson Cancer Center (2023), Multiple US healthcare providers, Various educational institutions, Government contractors
How to Protect Against Hunters International
1. Apply Hive-related IOCs and detection rules
2. Monitor for large outbound data transfers
3. Implement DLP controls on sensitive data
4. Healthcare orgs: follow HC3 guidance on Hunters International
5. Block known Hunters International C2 infrastructure
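To illustrate step 2 (monitoring for large outbound data transfers), here is an added example that is not part of the original page or of any vendor tooling. It sums flow records per hour and flags internal hosts sending upload-heavy volumes to a single external address. The CSV field names, the internal range, both thresholds and the sample records are assumptions constructed for the illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")   # assumed internal address space
MIN_BYTES_OUT = 500 * 1024 * 1024     # assumed threshold: 500 MiB per hour
MIN_RATIO = 10.0                      # assumed minimum upload/download ratio

# Constructed flow records (not real telemetry); external IPs are documentation ranges.
SAMPLE_FLOWS = """ts,src,dst,bytes_out,bytes_in
2024-01-10T02:05:00,10.0.4.17,203.0.113.50,314572800,1048576
2024-01-10T02:25:00,10.0.4.17,203.0.113.50,419430400,2097152
2024-01-10T02:40:00,10.0.4.17,10.0.9.2,943718400,1024
2024-01-10T02:10:00,10.0.7.30,198.51.100.8,5242880,734003200
2024-01-10T03:15:00,10.0.4.17,203.0.113.50,104857600,524288
"""

def find_exfil_candidates(flow_csv):
    """Return (hour, src, dst, bytes_out) for upload-heavy internal-to-external pairs."""
    totals = defaultdict(lambda: [0, 0])  # (hour, src, dst) -> [bytes_out, bytes_in]
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src, dst = ip_address(row["src"]), ip_address(row["dst"])
        if src not in INTERNAL or dst in INTERNAL:
            continue  # keep only traffic leaving the internal network
        ts = datetime.fromisoformat(row["ts"])
        hour = ts.replace(minute=0, second=0, microsecond=0)
        key = (hour, row["src"], row["dst"])
        totals[key][0] += int(row["bytes_out"])
        totals[key][1] += int(row["bytes_in"])
    alerts = []
    for (hour, src, dst), (sent, received) in sorted(totals.items()):
        # Require both high volume and a lopsided ratio, so large downloads
        # (backups pulled in, software updates) do not trigger an alert.
        if sent >= MIN_BYTES_OUT and sent / max(received, 1) >= MIN_RATIO:
            alerts.append((hour.isoformat(), src, dst, sent))
    return alerts

if __name__ == "__main__":
    for alert in find_exfil_candidates(SAMPLE_FLOWS):
        print(alert)
```

Neither of the two flows from 10.0.4.17 in the 02:00 hour crosses the threshold alone; only their hourly sum does, which is why the check aggregates before comparing.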
MITRE ATT&CK Techniques