
Hades Ransomware Gang Exhibits Connections to Hafnium
2021-03-29 18:57

The Hades ransomware gang has several unique characteristics that set it apart from the rest of the pack, according to researchers - including potentially having more than extortion on the to-do list.

In one Hades ransomware attack, the Awake team identified a Hafnium domain as an indicator of compromise within the timeline of the Hades attack.

Artifacts pointing to the TimosaraHackerTerm ransomware group were seen in multiple cases, likely left a few weeks before the Hades attack.

According to the Awake analysis, the Hades gang appears to be picky about its targets and mainly goes after organizations with a focus on manufacturing, especially those in the automotive supply chain as well as those with insulation products.

"The Hades actors searched local file systems and databases to find files of interest and sensitive data prior to exfiltration," said Awake researchers.

In all, Awake researchers noted that there are several unique aspects to the Hades modus operandi.


News URL

https://threatpost.com/hades-ransomware-connections-hafnium/165069/