Latest news with #HuntersInternational


Forbes
11-05-2025
Beware — These Ransomware Hackers Are Watching You Work
Ransomware attackers can now watch what you are doing. The ransomware threat is evolving, and attackers are continually seeking new angles and technologies to exploit to help them extract payments in these modern-day extortion schemes. Some are hard to fathom, like the DOGE-trolling hackers demanding $1 trillion, exploiting zero-day vulnerabilities in Windows, and the increasingly common use of 2FA bypass attacks and access to 19 billion compromised passwords on the dark web. But what if ransomware hackers were using employee monitoring software to see what you are up to during the attack and to steal your credentials as well? Welcome to the sinister world of Qilin and Hunters International ransomware.

While the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency have recently issued a security alert about the dangers that unsophisticated threat actors pose to U.S. critical infrastructure services, that doesn't mean all ransomware hackers are using the kind of basic and elementary intrusion techniques described in the CISA advisory. Take the Qilin and Hunters International ransomware threat, whose affiliates have been observed using a legitimate employee monitoring tool during their attacks.

The ransomware attacks in question started with malicious Google Ads deployed by the threat actors. These were designed to display 'when people searched for RVTools, a free Windows utility for managing VMware vSphere deployments,' Sergiu Gatlan at Bleeping Computer said. If the would-be victim clicked through that advert, it started a waterfall of nefarious events leading to the download and installation of something called Kickidler.

Here's the thing: Kickidler is not malware. In fact, it's a perfectly legitimate employee monitoring tool that's deployed by more than 5,000 organizations across the world. The key point of interest is that it provides a visual monitoring capability. Once installed, the ransomware hackers can literally see what you are doing.

Varonis threat research investigators have suggested that the ransomware attackers have used the software in order to have undetected access to target systems for weeks at a time, enabling the collection of the credentials required to gain access to critical off-site cloud data backups. It is recommended, therefore, that network defenders ensure the effective and regular auditing of any installed remote monitoring and management software.
Yahoo
12-03-2025
- Automotive
Tata Technologies' data leaked by ransomware gang
A ransomware group called Hunters International has published some of the data it claims to have stolen from Tata Technologies, just over a month after the Indian company confirmed a ransomware attack that resulted in the suspension of some services. The leaked data, published on the gang's dark web leak site — which TechCrunch has seen — includes personal details about some current and former employees at Tata Technologies, as well as confidential information, including purchase orders and the company's contracts with customers in India and the United States. The ransomware gang says the data set includes over 730,000 documents, including Excel spreadsheets, PowerPoint presentations, and PDF files, cumulatively totaling about 1.4 terabytes in size.

In late January, Tata Technologies informed Indian stock exchanges about a ransomware attack that affected "a few of" the company's IT assets. At the time, Tata said its client services "remained fully functional and unaffected throughout." It is unclear whether the data uploaded by the Hunters International ransomware group is related to the ransomware attack that Tata Technologies disclosed earlier this year. When reached multiple times by TechCrunch, representatives for Tata have not yet provided comment.

Founded in 1989 as an automotive unit of Tata Motors, Tata Technologies spun off as a separate company in 1994 and has been operating as a subsidiary of the Indian conglomerate Tata Group since. Tata Technologies provides product engineering and research and development services to automotive, aerospace equipment makers, and engineering companies across 27 countries. The company has 20 delivery centers and over 12,500 employees, per its website.

Surfacing in late 2023, Hunters International is a relatively new ransomware-as-a-service group, which leases out its infrastructure to affiliate hackers who carry out ransomware attacks, and Hunters International takes a cut of the proceeds from ransom payments. Hunters International also appears to have some links with the Hive ransomware gang, which law enforcement agencies largely disrupted in 2023. The Hive gang leaked some of the data stolen by another Tata Group company, Tata Power, in 2022.