• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release

 | 

Authorities released free decryptor for Phobos and 8base ransomware

 | 

Anne Arundel Dermatology data breach impacts 1.9 million people

 | 

LameHug: first AI-Powered malware linked to Russia’s APT28

 | 

5 Features Every AI-Powered SOC Platform Needs in 2025

 | 

Broadcom patches critical VMware flaws exploited at Pwn2Own Berlin 2025

 | 

Stormous Ransomware gang targets North Country HealthCare, claims 600K patient data stolen

 | 

United Natural Foods Expects $400M revenue impact from June cyber attack

 | 

Cisco patches critical CVE-2025-20337 bug in Identity Services Engine with CVSS 10 Severity

 | 

UNC6148 deploys Overstep malware on SonicWall devices, possibly for ransomware operations

 | 

Operation Eastwood disrupted operations of pro-Russian hacker group NoName057(16)

 | 

Salt Typhoon breach: Chinese APT compromises U.S. Army National Guard network

 | 

Former US Army member confesses to Telecom hack and extortion conspiracy

 | 

CVE-2025-6554 marks the fifth actively exploited Chrome Zero-Day patched by Google in 2025

 | 

DDoS peaks hit new highs: Cloudflare mitigated massive 7.3 Tbps assault

 | 

U.S. CISA adds Wing FTP Server flaw to its Known Exploited Vulnerabilities catalog

 | 

Android Malware Konfety evolves with ZIP manipulation and dynamic loading

 | 

Belk hit by May cyberattack: DragonForce stole 150GB of data

 | 

North Korea-linked actors spread XORIndex malware via 67 malicious npm packages

 | 

FBI seized multiple piracy sites distributing pirated video games

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Cyber Crime
  • Malware
  • French authorities arrested a Russian national for his role in the Hive ransomware operation

French authorities arrested a Russian national for his role in the Hive ransomware operation

Pierluigi Paganini December 14, 2023

French police arrested a Russian national who is suspected of laundering money resulting from the criminal activity of the Hive ransomware gang.

The French authorities arrested in Paris a Russian national who is suspected of laundering criminal proceeds for the Hive ransomware gang.

“A Russian, suspected of having recovered in cryptocurrencies the money taken from French victims of the powerful Hive ransomware , dismantled in January, was arrested last week, AFP learned on Tuesday December 12 from the judicial police.” reported AFP.  “The suspect, ” aged around forty and who resided in Cyprus “, was arrested on December 5 while he was in Paris, said Christophe Durand, head of the cyber-investigations unit of the brand new Office. anti-cybercrime (Ofac).”

#Cyber | 🚨 Nouvelle interpellation dans l’affaire du #rançongiciel #Hive : après le coup de filet international en janvier permettant de démanteler ce réseau de hackers constituant une grave menace, la #PoliceJudiciaire a interpellé à Paris un individu soupçonné d’avoir blanchi… https://t.co/YPx4KGvkkX

— Police nationale (@PoliceNationale) December 13, 2023

The police seized more than 570,000 euros worth of cryptocurrency during the search of his Cypriot home. The international operation was conducted with the cooperation of Europol and Eurojust. 

The threat actors behind the Hive RaaS have extorted $100 million in ransom payments from over 1,300 companies worldwide as of November 2022, reported the U.S. cybersecurity and intelligence authorities.

As of November 2022, Hive ransomware actors have victimized over 1,300 companies worldwide, receiving approximately US$100 million in ransom payments” reads the alert published by CISA in November.

The authorities reported that from June 2021 through at least November 2022, threat actors targeted a wide range of businesses and critical infrastructure sectors, including Government Facilities, Communications, Critical Manufacturing, Information Technology, and especially Healthcare and Public Health (HPH).

The Hive ransomware operation has been active since June 2021, it provides Ransomware-as-a-Service Hive and adopts a double-extortion model threatening to publish data stolen from the victims on their leak site (HiveLeaks). In April 2021, the Federal Bureau of Investigation (FBI) released a flash alert on the Hive operation attacks that included technical details and indicators of compromise associated with the operations of the gang. According to a report published by blockchain analytics company Chainalysis, the Hive operation is one of the top 10 ransomware strains by revenue in 2021. The group used various attack methods, including malspam campaigns, vulnerable RDP servers, and compromised VPN credentials.

The Hive operation was dismantled in January 2023 by the FBI, in coordination with German and Dutch police forces, as well as Europol. The ransomware gang breached sixty organizations in France, including the companies Altice or Damart, the National School of Civil Aviation (Enac), the departmental council of Seine-Maritime, the town hall of Annecy or the community of Guadeloupe, reported Le Figarò.

The Tor leak site used by Hive operators has been seized as part of an international operation conducted by law enforcement in 10 countries.

Hive ransomware

“The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against Hive Ransomware.” reads the message displayed in English and Russian on the Hive ransomware website.

After international authorities seized the Hive gang’s infrastructure, a new ransomware group named Hunters International emerged in the threat landscape.

Hunters International is suspected to be a sort of rebrand of the Hive ransomware gang.

Experts noticed that the Hunters International group is using a code that is very similar to the one used by the Hive gang.

Ever since the takedown of Hive ransomware by the FBI, it seems the operators have been busy developing their next project: Hunters International.

Multiple code overlaps and similarities link Hive and Hunters together, at least +60% match from my research 🔍 h/t @rivitna2 https://t.co/60quS4N9O9

— Will (@BushidoToken) October 20, 2023

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Hive)


facebook linkedin twitter

Cybercrime Hacking hacking news Hive Ransomware information security news IT Information Security malware Pierluigi Paganini Security Affairs Security News

you might also like

Pierluigi Paganini July 19, 2025
Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release
Read more
Pierluigi Paganini July 18, 2025
Authorities released free decryptor for Phobos and 8base ransomware
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release

    Hacking / July 19, 2025

    Authorities released free decryptor for Phobos and 8base ransomware

    Malware / July 18, 2025

    Anne Arundel Dermatology data breach impacts 1.9 million people

    Data Breach / July 18, 2025

    LameHug: first AI-Powered malware linked to Russia’s APT28

    APT / July 18, 2025

    5 Features Every AI-Powered SOC Platform Needs in 2025

    Security / July 18, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT