Cyber Threat Intelligence Weekly Update: 27th January 2023

United States Justice Department disrupt Hive Ransomware operations

This week we reported on an announcement from the United States Justice Department disclosing a months-long operation to disrupt the Hive Ransomware-as-a-Service (RaaS) and claiming to have saved more than USD 100 million as a result of their efforts. Since late July 2022, the FBI had penetrated Hive’s network and obtained 300 decryption keys, which were then offered to companies that were actively being targeted by the RaaS group. A further announcement also outlined a joint operation with German law enforcement and the Netherlands National High Tech Crime Unit, which seized control of Hive’s servers and leak site. This activity disrupted both communication between Hive’s members and its affiliates’ ability to carry out ransomware operations.


Hive was particularly prominent throughout 2022, and this disruption represents a significant victory for law enforcement. We assess that although US law enforcement was successful, their actions are unlikely to have a major impact on the general ransomware threat, with talented Hive affiliates likely to be enticed to join other prominent RaaS groups. However, it does demonstrate that ransomware groups are susceptible to law enforcement operations, which may prompt RaaS groups to improve their operational security to mitigate the impact of future law enforcement activity.

 

Cybercriminals: Password managers increasingly targeted by cybercriminals

Nation-State: USD 100 million cryptocurrency theft attributed to the Lazarus Group

Hacktivists: Pro-Russian hacktivists launch DDoS campaign against German entities
