ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool Hades

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Hades

NamesHades
CategoryMalware
TypeRansomware, Big Game Hunting
Description(Accenture) At this time, it is unclear if the unknown threat group operates under an affiliate model, or if Hades is distributed by a single group. Under an affiliate model, developers’ partner with affiliates who are responsible for various tasks or stages of the operation lifecycle, such as distributing the malware, providing initial access to organizations or even target selection and reconnaissance. However, based on intrusion data from incident response engagements, the operators tailor their tactics and tooling to carefully selected targets and run a more “hands on keyboard” operation to inflict maximum damage and higher payouts.

In addition, we identified similarities in the Hades ransom notes to those that have been used by REvil ransomware operators, where portions of the ransom notes observed contain identical wording. The differentiating factors in the ransom notes are the operators’ contact information and the formatting of the ransom notes. While the ransom notes are similar, we do not have any evidence to suggest the threat groups or operations have any overlap at this time.
Information<https://www.accenture.com/us-en/blogs/cyber-defense/unknown-threat-group-using-hades-ransomware>
<https://awakesecurity.com/blog/incident-response-hades-ransomware-gang-or-hafnium/>
<https://www.secureworks.com/blog/hades-ransomware-operators-use-distinctive-tactics-and-infrastructure>
<https://www.accenture.com/us-en/blogs/security/ransomware-hades>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.hades>

Last change to this tool card: 08 August 2021

Download this tool card in JSON format

All groups using tool Hades

ChangedNameCountryObserved

APT groups

XIndrik SpiderRussia2007-Oct 2024 HOTX

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents
Telephone +66 (0)2-123-1227
E-mail [email protected]