Gandalf_The_Grey
The Hunters International ransomware group is targeting IT workers with a new C# remote access trojan (RAT) called SharpRhino to breach corporate networks.
The malware helps Hunters International achieve initial infection, elevate their privileges on compromised systems, execute PowerShell commands, and eventually deploy the ransomware payload.
Quorum Cyber researchers who discovered the new malware report that it is disseminated by a typosquatting site impersonating the website for Angry IP Scanner, a legitimate networking tool used by IT professionals.
Hunters International is a ransomware operation launched in late 2023 and flagged as a possible rebrand of Hive due to its code similarities.
Notable victims include U.S. Navy contractor Austal USA, Japanese optics giant Hoya, Integris Health, and the Fred Hutch Cancer Center, where the cybercriminals demonstrated their lack of moral boundaries.
Hunters International's new tactic of deploying websites to impersonate legitimate open-source network scanning tools indicates that they are targeting IT workers in the hopes of breaching accounts with elevated privileges.
Users should be wary of sponsored search results to avoid malvertising, activate ad blockers to hide these results entirely, and bookmark official project sites known to provide safe installers.
Ransomware gang targets IT workers with new SharpRhino malware
www.bleepingcomputer.com