Introduction
This Group object reflects the tools & TTPs associated with threat actors known to deploy Hive, a ransomware-as-a-service (RaaS) variant first observed in June 2021.[U.S. CISA Hive November 25 2022] Specific pre- and post-compromise behaviors may vary among intrusions carried out by different Hive affiliates. Hive actors have targeted victims in a wide range of verticals, including government, communications, manufacturing, information technology, financial services, education, and especially healthcare. In January 2023, international authorities announced that they had disrupted Hive ransomware operations, seizing control of servers and websites used for communication among Hive actors and capturing Hive decryption keys.[U.S. Justice Department Hive January 2023]
Activities and Tactics
Information pending cataloguing.
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
- RTM:
Attribution and Evidence
Information pending cataloguing.
References
[1] [U.S. CISA Hive November 25 2022]
[2] [U.S. Justice Department Hive January 2023]