Hunters International Add IJM Corporation To Their Victim List

By Bogdan Pătru . 16 March 2024

Tech Writer

Fact-Checked this

Hunters International announced a new victim recently, the Malaysian mammoth IJM Corporation. This operation follows the actor’s typical MO, which is – always aim for high-value targets with a lot of revenue and a high data mining potential.

IJM currently sits at close to $986 million in revenue with 3,800 employees, which makes it a prized trophy
It’s unclear how much data Hunters International has managed to secure, but given the victim’s profile, one can only guess
Hunters International has been at the forefront of the ongoing ransomware operation unfolding over the past few months
According to the latest reports, investigation agencies have identified close to 400 ransomware breaches within the last month globally

This is a worrying trend, especially since several new names have appeared on the radar. However, it’s not newcomers that are the concern right now, but the veterans, and while it may not look like it, Hunters International is one.

This recent attack shows that the organization isn’t one bit intimidated by the recent joint operation that brought down Lockbit. FBI’s Cronos operation managed to eradicate the most infamous and dangerous ransomware operator on the market following months of surveillance.

X showing the Hunters International attack on IJM Corporation — https://twitter.com/FalconFeedsio/status/1761322576624992464

The fact that Hunters International seems to operate without impunity in such a climate is evidence of the actor’s confidence in its abilities. The organization posted evidence of this recent attack on their platform, but didn’t provide any additional details.

However, it’s a known fact that the group relies on the double-extortion tactic to increase the value of the ransom as much as possible. This is a scary prospect when discussing victims like IJM, that pack revenues close to a billion dollars.

Where Did Hunters International Come From?

Hunters International is among the newest ransomware actors with a global footprint. The organization itself came public in October of 2023, but experts have identified older roots in the actor’s code and general MO.

The current theory is that Hunters International is the successor of Hive. Hive was the most powerful, influential, and feared ransomware actor up until January 2023, when the FBI breached it. Hunters International popped up several months later.

Subsequent analysis showed a code overlap of up to 60% between Hunters International and the now-defunct Hive. Anonymous sources confirmed this similarity and also shared the news that many of the former Hive operators jumped boats.

This is typically how things go in the ransomware space; defunct organizations never disappear but rather rebrand themselves or, if that’s not possible, give birth to other groups. Hunters International is one such case.

The group itself admitted to this, but then claimed that their Hive code was imperfect and that they’ve improved it. Whatever the case may be, the link between Hunters International and Hive explains the former’s astounding influence and ingenuity.

Hunters International now ranks as one of the most dangerous ransomware actors in the world. This is both due to its high level of activity and its tools and tactics, allowing it to breach even the most secure targets.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Author, Creative Writer, and Tech-Geek Bogdan has followed his passion for the digital world ever since he got his hands on his first PC. After years of accumulating knowledge and experience, the good Samaritan in him whispered to him one day about the virtue of sharing that knowledge with those who needed it. It was in 2014 when that idea would grow into a life-defining passion. One that keeps driving him to this day.

Cookie	Duration	Description
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	1 year	The GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
_omappvp	1 year 1 month 4 days	The _omappvp cookie is set to distinguish new and returning users and is used in conjunction with _omappvs cookie.
_omappvs	20 minutes	The _omappvs cookie, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.

Hunters International Add IJM Corporation To Their Victim List

Where Did Hunters International Come From?

Our Mission

Bogdan Pătru

Leave a Comment Cancel