Hunters International
Intelligence Profile
Emerging in Q3 2023 as a Ransomware-as-a-Service (RaaS) operation, Hunters International has established itself as a distinct yet controversial threat actor in the cybercrime ecosystem. While initial analysis revealed code overlap with the dismantled Hive ransomware, the group claims independence, asserting that it purchased Hive’s source code rather than rebranding directly. This operational lineage enables advanced double-extortion campaigns that prioritize data exfiltration over encryption, with confirmed theft of medical records, financial data, and proprietary business information. The group's ransomware is written in Rust, a programming language favored for its resistance to reverse engineering and its cross-platform compatibility.
Threat Analysis
Hunters International is a malware family tracked by threat intelligence researchers and catalogued in the Malpedia dataset. It represents a distinct malicious software lineage with identifiable code characteristics, behaviors, and victimology.
Financially motivated threat actors like Hunters International prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.
Hunters International is highly sophisticated: it is capable of targeted intrusions using adapted commodity tools alongside custom implants, while maintaining operational security and evading standard detection mechanisms.