Hunters International Ransomware Claims AutoCanada Attack, Threatens Data Leak
Hunters International, a ransomware-as-a-service (RaaS) group active since October 2023, has launched several high-profile cyberattacks using a new remote access trojan (RAT) called SharpRhino. SharpRhino, written in C# and often disguised as the legitimate Angry IP Scanner, has been used to infiltrate IT networks, where sensitive data is then stolen and encrypted. The group has claimed responsibility for numerous attacks in 2024, including breaches of major organizations like the U.S. Marshals Service (USMS) and the Industrial and Commercial Bank of China (ICBC). Its tactics involve distributing sophisticated malware through typo-squatted domains and fake ads and leveraging code-signing certificates to make the malware appear legitimate. These attacks have led to significant data theft, including 386 GB from the USMS and 6.6 TB from ICBC, along with threats to release the data publicly if ransoms are not paid. Organizations are advised to implement robust security measures to mitigate such threats, including DNS filtering, network segmentation, and keeping software updated.