Hunters International Infiltrates Bradford Health Care

By Miklos Zoltan . 5 January 2024

Founder - Privacy Affairs

Fact-Checked this

1 Comments

Hunters International ransomware breached Bradford Health, causing an operations blackout and leading to important data leaks. The total extent of the damages is currently unknown.

Bradford Health has 354 employees and a revenue of approximately $110 million, making this a major cyberattack
Hunters International is one of the most recent cyberhacking actors, having emerged in the 3^rd quarter of 2023
Despite its recent emergence, Hunters International has already revealed some of its secrets
Experts agree that the organization was formed out of the remains of the Hive, one of the most dangerous ransomware groups ever

Hunters International hasn’t been involved in too many attacks, primarily because it’s still a newly formed organization. But the second reason is the scrutiny it has endured ever since its conception.

Experts have followed the group’s development and activity since it came public and already have a good idea about its operations structure. Recent reports have identified Hunters International as operating based on the former Hive cartel’s structure.

Tweet showing the Hunters International attack on the Bradford Health Care — https://twitter.com/FalconFeedsio/status/1742874014962635015

Hunters International denied the claims, which was to be expected. Intelligence analysts declared that 60% of Hunter International’s code overlaps to that of Hive’s. According to preliminary reports, the Hive cartel may no longer be active.

This is the result of an aggressive FBI campaign that presumably forced the Hive leader to move its assets into a new brainchild. This is how Hunters International was born.

How Hunters International Works

The group has a similar MO to Hive and all of the other ransomware organizations. After infiltrating the victim’s systems, the ransomware program clones, downloads, and encrypts critical data. The general website operations often reach to a halt.

The victim will also receive a ransom letter, along with indications on how to contact Hunters International representatives on the Tor network. There, the victim has 2 options: pay the ransom or refuse, in which case Hunters will leak the data online.

Subsequent investigation revealed that, instead of Hunters International being simply a rebranded version of Hive, they are actually a new actor entirely. This is currently the most supported theory.

All the evidence collected to this point shows that the new group rather uses Hive infrastructure and software tools, but not their entire ecosystem. This gives credence to the idea that Hive was forced to dissolve due to the intense legal heat.

As a result, the organization broke into pieces and was forced to sell its assets to the highest bidder.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Founder & CEO Privacy Affairs

Miklos Zoltan is the founder and CEO of Privacy Affairs. Miklos has long-time experience in cybersecurity and data privacy having worked with international teams for more than 10 years in projects involving penetration testing, network security and cryptography.

Miklos founded Privacy Affairs in 2018 to provide cybersecurity and data privacy education to regular audiences by translating tech-heavy and "geeky" topics into easy-to-understand guides and tutorials.

Miklos Zoltan

1 Comment

Anonymous

January 31, 2024 8:33 pm

Was protected health information breached. Are there any lawsuits from clients?

Cookie	Duration	Description
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	1 year	The GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
_omappvp	1 year 1 month 4 days	The _omappvp cookie is set to distinguish new and returning users and is used in conjunction with _omappvs cookie.
_omappvs	20 minutes	The _omappvs cookie, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.