The Hades ransomware gang has several unique characteristics that set it apart from the rest of the pack, according to researchers – including potentially having more than extortion on the to-do list. The group appears to use multiple nation-state tools and techniques.
The researchers said that their investigations into the group’s cyberattacks at the end of 2020 suggest one of two possibilities: an advanced persistent threat (APT) is operating under the guise of Hades, possibly Hafnium; or several different groups coincidentally compromised the same environments, “potentially due to weak security practices in general.”
In one Hades ransomware attack, the Awake team identified a Hafnium domain as an indicator of compromise within the timeline of the Hades attack.
Source: ThreatPost