Introduction
History and Origins Origins: Formerly known as “Hunters International,” active since late 2023, and believed to be a reincarnation of the Hive group. Rebranding: In January 2025, Hunters International ceased file-encrypting attacks and reemerged under the WorldLeaks banner, focusing solely on data theft and extortion. Tactics, Techniques, and Objectives Model: Operates as an “extortion-as-a-service” (EaaS) platform. Affiliates are provided with tools to automatically extract data. Exfiltration & Publication: Theft of sensitive data followed by a threat of publication on a Tor site if the victim refuses to pay No encryption: The group abandons file encryption to focus on theft, reducing complexity and risk
Activities and Tactics
Information pending cataloguing.
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
Information pending cataloguing.
Attribution and Evidence
Information pending cataloguing.
References
References pending cataloguing.