Hunters International
Intelligence Profile
Emerging in Q3 2023 as a Ransomware-as-a-Service (RaaS) operation, Hunters International has established itself as a distinct yet controversial threat actor in the cybercrime ecosystem. While initial analysis revealed a code overlap with the dismantled Hive ransomware, the group claims independence, asserting it purchased Hive’s source code rather than directly rebranding. This operational lineage enables advanced double-extortion campaigns prioritizing data exfiltration over encryption, with confirmed theft of medical records, financial data, and proprietary business information. The group's ransomware is written in Rust, a programming language favored for its resilience to reverse engineering and cross-platform compatibility.
Threat Analysis
Hunters International is an advanced-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of espionage.
The group's espionage-oriented operations suggest a state-sponsored or state-aligned mandate, typically focused on stealing intellectual property, government secrets, or military intelligence. Targets are usually selected for strategic value rather than financial gain.
Classified as an advanced threat actor, Hunters International likely develops or acquires zero-day exploits, employs custom malware toolchains, and demonstrates long-term persistence capabilities — hallmarks of a well-resourced operation consistent with nation-state backing.