• Home
  • News
  • Hunters International Add IJM Corporation To Their Victim List

Hunters International Add IJM Corporation To Their Victim List

Bogdan Pătru

By Bogdan Pătru . 16 March 2024

Tech Writer

Alex Popa

Fact-Checked this

Hunters International announced a new victim recently, the Malaysian mammoth IJM Corporation. This operation follows the actor’s typical MO, which is – always aim for high-value targets with a lot of revenue and a high data mining potential.

  • IJM currently sits at close to $986 million in revenue with 3,800 employees, which makes it a prized trophy
  • It’s unclear how much data Hunters International has managed to secure, but given the victim’s profile, one can only guess
  • Hunters International has been at the forefront of the ongoing ransomware operation unfolding over the past few months
  • According to the latest reports, investigation agencies have identified close to 400 ransomware breaches within the last month globally

This is a worrying trend, especially since several new names have appeared on the radar. However, it’s not newcomers that are the concern right now, but the veterans, and while it may not look like it, Hunters International is one.

This recent attack shows that the organization isn’t one bit intimidated by the recent joint operation that brought down Lockbit. FBI’s Cronos operation managed to eradicate the most infamous and dangerous ransomware operator on the market following months of surveillance.

X showing the Hunters International attack on IJM Corporation
https://twitter.com/FalconFeedsio/status/1761322576624992464

The fact that Hunters International seems to operate without impunity in such a climate is evidence of the actor’s confidence in its abilities. The organization posted evidence of this recent attack on their platform, but didn’t provide any additional details.

However, it’s a known fact that the group relies on the double-extortion tactic to increase the value of the ransom as much as possible. This is a scary prospect when discussing victims like IJM, that pack revenues close to a billion dollars.

Where Did Hunters International Come From?

Hunters International is among the newest ransomware actors with a global footprint. The organization itself came public in October of 2023, but experts have identified older roots in the actor’s code and general MO.

The current theory is that Hunters International is the successor of Hive. Hive was the most powerful, influential, and feared ransomware actor up until January 2023, when the FBI breached it. Hunters International popped up several months later.

Subsequent analysis showed a code overlap of up to 60% between Hunters International and the now-defunct Hive. Anonymous sources confirmed this similarity and also shared the news that many of the former Hive operators jumped boats.

This is typically how things go in the ransomware space; defunct organizations never disappear but rather rebrand themselves or, if that’s not possible, give birth to other groups. Hunters International is one such case.

The group itself admitted to this, but then claimed that their Hive code was imperfect and that they’ve improved it. Whatever the case may be, the link between Hunters International and Hive explains the former’s astounding influence and ingenuity.

Hunters International now ranks as one of the most dangerous ransomware actors in the world. This is both due to its high level of activity and its tools and tactics, allowing it to breach even the most secure targets.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Leave a Comment