Friday, May 9, 2025

CrazyHunter Hacker Group Exploits Open-Source GitHub Tools to Target Organizations


A relatively new ransomware outfit known as CrazyHunter has emerged as a significant threat, particularly targeting Taiwanese organizations.

The group, which started its operations in the healthcare, education, and industrial sectors of Taiwan, leverages sophisticated cyber techniques to disrupt essential services.

Sophisticated Techniques and Open-Source Exploitation

CrazyHunter’s toolkit is largely composed of open-source tools sourced from GitHub, with about 80% of their arsenal being open-source.


Notably, they’ve integrated tools like the Prince Ransomware Builder and ZammoCide, enhancing their capabilities significantly.

The use of the Bring Your Own Vulnerable Driver (BYOVD) method has been pivotal in their strategy to bypass security measures by exploiting vulnerabilities in existing system drivers.

[Figure: The flow of the ransomware deployment process]

Targeted Campaign Against Taiwanese Organizations

The focus of CrazyHunter’s attacks has been exclusively on Taiwan: the group announced itself through a leak site on which ten victims were initially disclosed, all of them based in the region.

According to the report, their targets span critical sectors, including hospitals, educational institutions, and industrial companies, which indicates a strategic intent to compromise organizations with valuable and sensitive operations.

The group’s operations, tracked since January, reveal a deliberate pattern of cyber-attacks, leveraging tools for evasion, privilege escalation, and direct impact through ransomware.

For defense evasion, CrazyHunter adapts an open-source process killer called ZammoCide into a formidable anti-virus (AV) and endpoint detection and response (EDR) killer.

[Figure: Command-Line Interface (CLI) of the open-source tool ZammoCide]

This tool, when executed, employs the vulnerable Zemana Anti-Malware driver (zam64.sys) to forcefully terminate security processes, thus facilitating the group’s malicious activities without detection.
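The BYOVD technique works because the abused driver carries a valid vendor signature, so a signature check alone does not catch it; what a defender can watch for is the load of a driver that is on a known-vulnerable list, especially from a path where no security product would normally install it. The following script is an added example written for this article, not code from the report or from any tool it describes. It runs a small watchlist over driver-load events written in a simplified key=value form modelled on Sysmon Event ID 6 (Driver loaded); the sample events are constructed, the watchlist contains only the driver named above (zam64.sys) and should in practice be fed from a maintained source such as Microsoft's recommended driver block rules, and the severity scheme is an assumption.

```python
"""Flag driver-load events that match a vulnerable-driver watchlist.

Added example. Events are constructed, key=value lines modelled on Sysmon
Event ID 6; parsing real EVTX/XML output is out of scope. The watchlist and
the severity rules below are assumptions for illustration.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Assumed watchlist: file names of drivers known to be abused for BYOVD.
# Only the driver named in the article is listed here.
VULNERABLE_DRIVER_NAMES = {"zam64.sys"}

DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"

# Constructed sample log: a benign Microsoft driver load, a zam64.sys load
# from a user-writable path, a zam64.sys load from the drivers directory,
# and an unrelated process-creation event that must be ignored.
SAMPLE_EVENTS = [
    'EventID=6 ImageLoaded=C:\\Windows\\System32\\drivers\\tcpip.sys Signed=true Signature="Microsoft Windows"',
    'EventID=6 ImageLoaded=C:\\Users\\Public\\zam64.sys Signed=true Signature="Zemana Ltd."',
    'EventID=6 ImageLoaded=C:\\Windows\\System32\\drivers\\ZAM64.sys Signed=true Signature="Zemana Ltd."',
    'EventID=1 Image=C:\\Windows\\System32\\cmd.exe',
]

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass
class Finding:
    path: str
    reason: str
    severity: str


def parse_event(line: str) -> dict:
    """Turn a key=value line into a dict, stripping quotes from values."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def classify(event: dict) -> Optional[Finding]:
    """Return a Finding if the event is a load of a watchlisted driver."""
    if event.get("EventID") != "6":
        return None
    path = event.get("ImageLoaded", "")
    name = path.rsplit("\\", 1)[-1].lower()
    if name not in VULNERABLE_DRIVER_NAMES:
        return None
    # Signed=true is expected here: BYOVD abuses validly signed drivers, so
    # the signature field is deliberately not used as an exoneration.
    in_drivers_dir = path.lower().startswith(DRIVERS_DIR)
    # A legitimately installed product loads from the drivers directory; a
    # load from anywhere else is the stronger signal (assumed scheme).
    severity = "medium" if in_drivers_dir else "high"
    reason = f"known vulnerable driver {name} loaded"
    if not in_drivers_dir:
        reason += " from a non-standard path"
    return Finding(path=path, reason=reason, severity=severity)


def scan(lines: Iterable[str]) -> List[Finding]:
    """Run classify() over every line and collect the findings."""
    findings: List[Finding] = []
    for line in lines:
        finding = classify(parse_event(line))
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.reason}: {f.path}")
```

The same check covers the "Endpoint Protection" recommendation later in the article: blocking is preferable to alerting, and on Windows the block itself is done with a WDAC policy or the vulnerable driver blocklist rather than with a script like this, which is only the detection side.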

Their ransomware, a bespoke variant written in the Go programming language, employs ChaCha20 and ECIES encryption to lock files, appending a “.Hunter” extension to each encrypted file.

The ransomware campaign includes the creation of ransom notes and altering the victim’s desktop wallpaper.
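Because the files are encrypted with a sound scheme, recovery without backups is not realistic, so the practical defensive value is in noticing the encryption run early. The script below is an added example written for this article, not code from the report; it applies a sliding-window rule to file-rename events and alerts when one process appends the “.Hunter” extension to many files in a short interval. The events are constructed tuples, not a real capture, and the threshold and window length are assumptions to be tuned per environment.

```python
"""Flag a burst of renames that append the ".Hunter" extension.

Added example. Events are constructed (unix_ts, process, old_path, new_path)
tuples; the threshold and window are assumptions.
"""
from collections import defaultdict, deque
from typing import Deque, Dict, List, Set, Tuple

RANSOM_EXT = ".hunter"   # extension named in the article, compared case-insensitively
THRESHOLD = 5            # renames per window that trigger an alert (assumption)
WINDOW_SECONDS = 10.0    # sliding-window length in seconds (assumption)

Event = Tuple[float, str, str, str]  # (unix_ts, process, old_path, new_path)

# Constructed sample: one benign rename, a fast run of six renames by svc.exe,
# one rename that removes the extension, and two slow renames by slow.exe.
SAMPLE_EVENTS: List[Event] = [
    (1000.0, "explorer.exe", "D:\\docs\\a.docx", "D:\\docs\\a-final.docx"),
    (1001.0, "svc.exe", "D:\\docs\\b.docx", "D:\\docs\\b.docx.Hunter"),
    (1001.5, "svc.exe", "D:\\docs\\c.xlsx", "D:\\docs\\c.xlsx.Hunter"),
    (1002.0, "svc.exe", "D:\\docs\\d.pdf", "D:\\docs\\d.pdf.Hunter"),
    (1002.5, "svc.exe", "D:\\docs\\e.pptx", "D:\\docs\\e.pptx.Hunter"),
    (1003.0, "svc.exe", "D:\\docs\\f.txt", "D:\\docs\\f.txt.Hunter"),
    (1003.5, "svc.exe", "D:\\docs\\g.txt", "D:\\docs\\g.txt.Hunter"),
    (1010.0, "cleanup.exe", "D:\\old\\x.Hunter", "D:\\old\\x.txt"),
    (1020.0, "slow.exe", "D:\\h.txt", "D:\\h.txt.HUNTER"),
    (1090.0, "slow.exe", "D:\\i.txt", "D:\\i.txt.Hunter"),
]


def adds_ransom_extension(old_path: str, new_path: str) -> bool:
    """True when the rename newly appends the ransom extension."""
    return (new_path.lower().endswith(RANSOM_EXT)
            and not old_path.lower().endswith(RANSOM_EXT))


def detect_bursts(events: List[Event]) -> List[Tuple[str, float, int]]:
    """Return (process, alert_time, count) once per process that exceeds
    THRESHOLD qualifying renames inside any WINDOW_SECONDS interval."""
    windows: Dict[str, Deque[float]] = defaultdict(deque)
    alerted: Set[str] = set()
    alerts: List[Tuple[str, float, int]] = []
    for ts, proc, old, new in sorted(events):
        if not adds_ransom_extension(old, new):
            continue
        recent = windows[proc]
        recent.append(ts)
        # Drop timestamps that have fallen out of the window.
        while recent and ts - recent[0] > WINDOW_SECONDS:
            recent.popleft()
        if len(recent) >= THRESHOLD and proc not in alerted:
            alerted.add(proc)
            alerts.append((proc, ts, len(recent)))
    return alerts


if __name__ == "__main__":
    for proc, ts, count in detect_bursts(SAMPLE_EVENTS):
        print(f"ALERT t={ts}: {proc} appended {RANSOM_EXT} to {count} files "
              f"within {WINDOW_SECONDS}s")
```

Keying the window on the process rather than on the host keeps a normal archive job or a user renaming a handful of files from tripping the rule, and alerting once per process avoids a flood once the first alert has fired.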

To counter such advanced threats, organizations must adopt rigorous cybersecurity measures:

  • Access Control: Ensure that users only have access to necessary data and systems, implementing Multi-Factor Authentication (MFA) for critical access points.
  • Regular Updates: Keeping all systems, including drivers, up-to-date can prevent exploitation of known vulnerabilities.
  • Backup and Recovery: Regular backups to isolated environments are crucial to minimizing data loss.
  • Endpoint Protection: Utilize endpoint security solutions that focus on monitoring and blocking unauthorized driver installations.
  • Training and Awareness: Ongoing education to recognize and respond to phishing and other attack vectors is vital.

This proactive stance is necessary as ransomware groups evolve, adapting their tactics to include more sophisticated and complex methods of operation.

The use of open-source tools for nefarious purposes underscores the need for vigilance in managing and securing these resources against misuse.


Aman Mishra
Aman Mishra is a security and privacy reporter covering data breaches, cyber crime, malware, and vulnerabilities.
