Hades ransomware has lately been in the daily news and created devastation in its wake. And, we already know about Hafnium from the most recent attacks on Microsoft Exchange Servers. Can these two be related? Experts surmise.
Researchers surmise that the Hafnium APT group might be operating under the disguise of Hades. One of the findings that brought them to this conclusion is that in one of Hades’s attacks, an IoC was identified to be a Hafnium domain within corresponding timelines. However, this was spotted in only one of the Hades related-cases.
Is that all?
- The victim environment of Hades has also found to correlate with artifacts from the TimosaraHackerTeam (THT) in several cases.
- However, Crowdstrike stated that Hades is just a 64-bit compiled strain of WastedLocker, propagated by the Evil Corp threat actor.
- In addition to this, similarities have been spotted in ransom notes of Hades and REvil operators.
- Awake researchers found that Hades doesn’t use its own malware and thus, might be working with other threat actors. The ransomware is suspected to be leveraging various RaaS.
Latest attacks by Hades
- An unknown financially motivated threat actor has been using Hades ransomware in campaigns that have affected at least three big games since December 2020.
- Forward Air, a trucking and freight logistics firm, was hit by Hades and had to take its systems offline.
Although a relatively new addition to the threat landscape, Hades has been unrelentingly causing chaos across the cyber world. Although Hades might have a potential connection with Hafnium, it is too soon to say that they are run by the same operators. Hades also shares IoCs with other threat actors but no concrete evidence has been found to link the ransomware group with another. Guess we'll just have to wait.