Malware, Phishing, Threat Intelligence

Latest Hunters International attacks involve new RAT

Share
Trojan malware

Infiltration of corporate networks has been sought by the Hunters International ransomware gang with attacks targeting IT professionals with the new C#-based SharpRhino remote access trojan, according to BleepingComputer.

Hunters International has leveraged a typosquatted site for the widely used Angry IP Scanner to lure IT workers into downloading an installer, which when executed ensures persistence through a Windows registry modification while injecting a PowerShell script executing BAT file to launch SharpRhino without being detected, a report from Quorum Cyber revealed. Featuring commands for timing a succeeding POST request for command retrieval and ending communications, SharpRhino could enable PowerShell execution on the host and additional malicious activities, said researchers. Such a development comes nearly a year after Hunters International's emergence as a potential Hive ransomware rebrand. Since then, Hunters has become one of the most formidable ransomware operations, having compromised Integris Health, Austal USA, Hoya, and the Fred Hutch Cancer Center, among others.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.