  • FBI infiltrated the Hive group and eliminated it from the inside


    Former FBI employees explained how their colleagues brought the activities of a dangerous ransomware syndicate to a halt.

    The international cybercrime syndicate Hive ceased to exist in January 2023 after the FBI seized the group's IT infrastructure.

    According to the US Department of Justice (DoJ), FBI agents infiltrated the gang in July 2022 and, over the following months, handed victims more than 300 decryption keys, sparing them from paying roughly $130 million in ransom. In other words, for about six months the authorities knew about most of Hive's victims, and the syndicate's ransom proceeds most likely dropped sharply. Yet the criminals had no idea there were insiders in their midst.

    How did the FBI agents infiltrate Hive?

    Exactly how the operation was carried out is classified, but former FBI special agent Darren Mott, who specializes in cybercrime, believes the FBI either had an undercover agent inside Hive or, more likely, recruited someone who was already a member. One clear sign of an insider, in his view, is an insecure decryptor.

    Former FBI adviser Chris Pearson said the operation could also have combined the two approaches: for example, the authorities could recruit an insider and have that person invite "their" agent to join the team.

    A third approach could have been used against Hive: FBI operators breaking into Hive's own systems without any inside help. Once in, the agents would have monitored the criminals' activity on the network. "In fact, they hack into the environment, sit and watch and accumulate information about the operation - just like cybercriminals do when they attack a company," Pearson said.

    Why didn't the Hive syndicate notice they were at gunpoint?

    The FBI handed more than 300 decryption keys to Hive victims, yet the operators never noticed that so many of their attacks were failing to pay out. One likely reason is that Hive ran on a RaaS (Ransomware-as-a-Service) model: the core group had so many affiliates carrying out intrusions that it did not track individual victims.

    The FBI could also have learned which entry points Hive was using, shared that information with targeted organizations, and let them shore up their defenses during the early stages of an attack. The criminals would have had little reason for suspicion as long as the victims who cooperated with law enforcement did not publicly announce that they had been attacked.

    It is also possible that Hive simply ignored the ratio of successful intrusions to paid ransoms, Pearson said. That could come down to problems with the software, a lack of data collection, or files simply never being decrypted.

    Why did the FBI wait 6 months?

    Randy Pargman, a former member of the FBI Cyber Task Force, believes that the longer the authorities remain inside, the more thoroughly they can dismantle the criminals' systems. Had they shut down the Hive server immediately, the attackers would simply have stood up another server and carried on. Instead, law enforcement monitored the server and quietly supplied victims with decryption keys.

    Law enforcement may have discreetly notified every victim it could reach, but some companies chose to pay the ransom anyway to keep their stolen data from being leaked by the hackers. The FBI's efforts have left the Hive syndicate inactive, but its members may soon scatter and join other groups, as the members of Conti did after that group broke up.

    Author DeepWeb