Cato Ctrl Threat Research: Unmasking Hellcat – Not Your Average Ransomware Gang
Thumbnail
Hellcat is a new ransomware gang that emerged in 2024, targeting critical infrastructure, government organizations, educational institutions, and energy sectors. Utilizing a ransomware-as-a-service model and employing double extortion tactics, Hellcat aims to humiliate its victims while extracting ransom. Recent attacks in late 2024 highlight their aggressive approach and the need for enhanced cybersecurity measures. Affected: Schneider Electric SE, Tanzania’s College of Business Education, Major U.S. University, French Energy Distribution Company, Iraq City Government

Keypoints :

  • Hellcat is a ransomware gang that surfaced in 2024.
  • They use a ransomware-as-a-service (RaaS) model to provide tools to affiliates.
  • Employ double extortion tactics aimed at humiliation and public pressure.
  • Notable attacks occurred against various organizations in November and December 2024.
  • Targets included Schneider Electric, educational institutions, and government entities.
  • Ransom demands included mocking references to “Baguettes” and low-cost root access sales.
  • Utilized zero-day vulnerabilities and privilege escalation in their attacks.
  • Highlighted the importance of cybersecurity measures to combat ransomware threats.

MITRE Techniques :

  • Exploitation of Vulnerability (T1203): Exploited zero-day vulnerabilities in Jira during the Schneider Electric SE attack.
  • Privilege Escalation (T1068): Achieved root or admin level access in various attacks.
  • Data Encrypted for Impact (T1486): Exfiltrated data before encrypting target systems.
  • Supply Chain Compromise (T1195): Targeted infrastructure leading to significant data leaks.
  • Credential Dumping (T1003): Gained access to sensitive information through compromised systems.

Indicator of Compromise :

  • [domain] bleepingcomputer[.]com
  • [domain] hackread[.]com
  • [url] darkwebforums[.]com
  • [email] [email protected]
  • [file name] Schneider_Electric_Data_Leak.txt
  • Check the article for all found IoCs.

Full Research: https://www.catonetworks.com/blog/unmasking-hellcat-not-your-average-ransomware-gang/