A relatively new ransomware group known as CrazyHunter has emerged as a significant threat, targeting Taiwanese organizations in particular.
The group, whose operations began against Taiwan's healthcare, education, and industrial sectors, uses its tooling to disrupt services that cannot tolerate downtime.
CrazyHunter's toolkit is built largely from open-source projects taken from GitHub; roughly 80% of its arsenal is open source.
Notably, the group has adopted the Prince Ransomware Builder and ZammoCide, which significantly extend its capabilities.
The Bring Your Own Vulnerable Driver (BYOVD) technique is central to its defense evasion: rather than exploiting a flaw in a driver already on the system, the attackers drop a legitimately signed but vulnerable driver of their own, load it, and abuse it from kernel mode to disable security software that user-mode code could not touch.
CrazyHunter's attacks have focused exclusively on Taiwan; when the group launched its leak site, all ten victims initially listed were from the region.
According to the report, its targets span critical sectors, including hospitals, educational institutions, and industrial companies, indicating a deliberate focus on organizations whose operations are sensitive and time-critical.
Tracked since January, the group's operations follow a consistent pattern: tooling for defense evasion and privilege escalation, followed by direct impact through ransomware deployment.
For defense evasion, CrazyHunter adapts ZammoCide, an open-source process killer, into an anti-virus (AV) and endpoint detection and response (EDR) killer.
When executed, the tool loads the vulnerable Zemana Anti-Malware driver (zam64.sys) and uses it to terminate security processes from kernel mode, so the rest of the intrusion proceeds with endpoint protection disabled. Because the driver carries a valid signature, a signature check alone will not stop it; blocking relies on a vulnerable-driver blocklist (by hash or name) and on telemetry for driver loads, which most environments do not alert on by default.
The ransomware itself is a custom variant written in Go. It encrypts files with ChaCha20 and uses ECIES, the usual hybrid construction in which a symmetric cipher handles file contents while the per-file symmetric keys are wrapped under the attacker's public key, so that files cannot be recovered without the attacker's private key. Encrypted files receive a ".Hunter" extension.
The campaign also drops ransom notes and replaces the victim's desktop wallpaper.
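The chain described above (a vulnerable driver load, security processes dying shortly afterwards, then files written with the ".Hunter" extension) is exactly the kind of sequence that endpoint telemetry can correlate. The following is an added example, not code from the article, from Trend Micro, or from the group's tooling: it runs a correlation rule over Sysmon-style JSON events (EventID 6 DriverLoad, 5 ProcessTerminate, 11 FileCreate). The log lines are constructed; the driver name comes from the article, while the security-product image names and the ransomware process name `svc.exe` are assumptions to be replaced with a maintained vulnerable-driver blocklist and your own product names.

```python
"""Correlate Sysmon-style events into a BYOVD AV/EDR-kill chain followed by
".Hunter" file writes.  Added example; the events below are constructed."""
import json
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# zam64.sys is named in the article.  In a real deployment this set is loaded
# from a maintained vulnerable-driver blocklist rather than hand-typed.
VULNERABLE_DRIVERS = {"zam64.sys"}
# Assumed example image names of security products; substitute your own.
SECURITY_PROCESSES = {"msmpeng.exe", "mssense.exe", "edragent.exe"}
RANSOM_EXTENSION = ".hunter"
# A security process dying this long after a vulnerable-driver load on the
# same host is treated as the BYOVD kill rather than a crash or an update.
KILL_WINDOW = timedelta(minutes=5)

# Constructed events using Sysmon field names: EventID 6 = DriverLoad,
# 5 = ProcessTerminate, 11 = FileCreate.  Not real telemetry.
SAMPLE_LOG = r"""
{"EventID": 6, "Computer": "WS01", "UtcTime": "2025-04-01 09:00:00", "ImageLoaded": "C:\\Users\\Public\\zam64.sys", "SignatureStatus": "Valid"}
{"EventID": 5, "Computer": "WS01", "UtcTime": "2025-04-01 09:00:04", "Image": "C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18\\MsMpEng.exe"}
{"EventID": 5, "Computer": "WS01", "UtcTime": "2025-04-01 09:00:05", "Image": "C:\\Program Files\\ExampleEDR\\EdrAgent.exe"}
{"EventID": 5, "Computer": "WS01", "UtcTime": "2025-04-01 09:00:20", "Image": "C:\\Windows\\System32\\notepad.exe"}
{"EventID": 6, "Computer": "WS02", "UtcTime": "2025-04-01 09:01:00", "ImageLoaded": "C:\\Windows\\System32\\drivers\\ndis.sys", "SignatureStatus": "Valid"}
{"EventID": 5, "Computer": "WS02", "UtcTime": "2025-04-01 09:03:30", "Image": "C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18\\MsMpEng.exe"}
{"EventID": 11, "Computer": "WS01", "UtcTime": "2025-04-01 09:06:10", "Image": "C:\\Users\\Public\\svc.exe", "TargetFilename": "C:\\Users\\alice\\Documents\\Q1-report.xlsx.Hunter"}
"""


def parse_events(text):
    """Parse one JSON event per line and return them in time order."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["UtcTime"] = datetime.strptime(ev["UtcTime"], "%Y-%m-%d %H:%M:%S")
        events.append(ev)
    return sorted(events, key=lambda e: e["UtcTime"])


def _name(path):
    """Lower-cased file name of a Windows path, for case-insensitive matching."""
    return PureWindowsPath(path).name.lower()


def detect(events):
    """Return findings as dicts with keys rule, host, time, detail."""
    findings = []
    last_byovd = {}  # host -> time of the most recent vulnerable-driver load
    for ev in events:
        host, eid, when = ev["Computer"], ev["EventID"], ev["UtcTime"]
        if eid == 6 and _name(ev["ImageLoaded"]) in VULNERABLE_DRIVERS:
            # The load itself is worth an alert: a signed driver passes
            # signature checks, so only name/hash blocklisting catches it.
            last_byovd[host] = when
            findings.append({"rule": "vulnerable_driver_load", "host": host,
                             "time": when, "detail": ev["ImageLoaded"]})
        elif eid == 5 and _name(ev["Image"]) in SECURITY_PROCESSES:
            loaded = last_byovd.get(host)
            # Only correlate kills that follow a vulnerable-driver load on the
            # same host; MsMpEng.exe exiting on WS02 below is not reported.
            if loaded is not None and when - loaded <= KILL_WINDOW:
                findings.append({"rule": "security_process_killed_after_byovd",
                                 "host": host, "time": when, "detail": ev["Image"]})
        elif eid == 11 and ev["TargetFilename"].lower().endswith(RANSOM_EXTENSION):
            findings.append({"rule": "ransom_extension_write", "host": host,
                             "time": when, "detail": ev["TargetFilename"]})
    return findings


def run_sample():
    """Run the rules over the constructed log and return the findings."""
    return detect(parse_events(SAMPLE_LOG))


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f['time']:%H:%M:%S} {f['host']} {f['rule']}: {f['detail']}")
```

On the constructed log this yields four findings, all on WS01: the zam64.sys load, the two security-process terminations within the window, and the ".Hunter" write. The notepad.exe exit and the Defender exit on WS02 (no preceding vulnerable-driver load) produce nothing, which is the point of correlating on the driver load rather than alerting on every security-process exit.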
To counter such threats, organizations must adopt rigorous cybersecurity measures.
This proactive stance is necessary because ransomware groups continue to evolve, adopting more sophisticated methods of operation.
The abuse of open-source tools shows that the barrier to entry keeps falling, and that defenses should key on behaviour (unexpected driver loads, mass termination of security processes, bulk file renames) rather than on the hashes of any one tool, which can be rebuilt from public source at will.