The presence of ransomware in the digital microcosm has been a norm in recent times. We have learned a lot about Hafnium ransomware from its recent attacks on the Microsoft Exchange servers and how the Hades ransomware has left a trail of devastation in its wake. Consequently, our experts took a look at both of them in order to connect the dots and see if they can be related.
It is rumored in the digital world that Hafnium might be operating under the disguise of Hades. The breadcrumb that leads a lot of researchers to this conclusion is that in one of Hades’s attacks, an IoC was identified as a Hafnium domain within corresponding timelines. However, only one such instance has been spotted so far.
- In several cases, the victim environment of Hades has also been found to correlate with artifacts from the TimoSaraHackerTeam (THT).
- However, some researchers stated that Hades is just a 64-bit compiled strain of WastedLocker that is propagated by the EvilCorp threat actor.
- Additionally, there are similarities in the ransom notes of REvil ransomware and Hades.
- It has also been noticed that Hades doesn’t use its own malware and thus might be working in tandem with other threat actors.
- Hades is suspected to be leveraging other RaaS.
Recent Attacks By Hades
- Since December 2020, Hades ransomware has been used by an unknown financially motivated threat actor, affecting at least 3 big names.
- A trucking and freight logistics firm, Forward Air, bore the brunt of Hades’ attack and had to take their systems offline.
Hades has been unrelentingly causing chaos across the digital world even though it’s a relatively new entity in the threat landscape. Although it’s too soon to say if Hades is connected to Hafnium, they do have similarities that have been noted by various researchers. Hades also shares IoCs with other threat actors, but no concrete evidence has been found to link the ransomware group with another.
Only time will tell if the threat actors are related or if it’s the same malicious force behind both ransomware strains.
To read more, please check eScan Blog