Names | Hades | |
Category | Malware | |
Type | Ransomware, Big Game Hunting | |
Description | (Accenture) At this time, it is unclear if the unknown threat group operates under an affiliate model, or if Hades is distributed by a single group. Under an affiliate model, developers’ partner with affiliates who are responsible for various tasks or stages of the operation lifecycle, such as distributing the malware, providing initial access to organizations or even target selection and reconnaissance. However, based on intrusion data from incident response engagements, the operators tailor their tactics and tooling to carefully selected targets and run a more “hands on keyboard” operation to inflict maximum damage and higher payouts. In addition, we identified similarities in the Hades ransom notes to those that have been used by REvil ransomware operators, where portions of the ransom notes observed contain identical wording. The differentiating factors in the ransom notes are the operators’ contact information and the formatting of the ransom notes. While the ransom notes are similar, we do not have any evidence to suggest the threat groups or operations have any overlap at this time. | |
Information | <https://www.accenture.com/us-en/blogs/cyber-defense/unknown-threat-group-using-hades-ransomware> <https://awakesecurity.com/blog/incident-response-hades-ransomware-gang-or-hafnium/> <https://www.secureworks.com/blog/hades-ransomware-operators-use-distinctive-tactics-and-infrastructure> <https://www.accenture.com/us-en/blogs/security/ransomware-hades> | |
Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.hades> |
Last change to this tool card: 08 August 2021
Download this tool card in JSON format
Previous: Hackfase
Next: HALFBAKED
Changed | Name | Country | Observed | ||
APT groups | |||||
Indrik Spider | 2007-Oct 2024 |
1 group listed (1 APT, 0 other, 0 unknown)
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |