Ransomware Attack on Leading Polish Poultry Producer SuperDrob S.A.
Ransomware Attack on SuperDrob S.A. by Hunters International
SuperDrob S.A., a leading Polish poultry producer, has fallen victim to a ransomware attack orchestrated by the Hunters International group. The attackers claim to have exfiltrated 443.8 GB of sensitive company data and have threatened to release it within the next few days.
About SuperDrob S.A.
SuperDrob S.A. is a prominent player in the Polish poultry industry, specializing in the production and distribution of high-quality poultry products. Established 27 years ago, the company operates from its headquarters in Karczew, near Warsaw, with additional facilities in Łódź, Lublin, and Goleniów. SuperDrob's product range includes fresh poultry, processed poultry, convenience products, and ready-to-eat meals. The company emphasizes stringent health and safety standards in its production processes, ensuring high-quality offerings for its customers.
SuperDrob employs a significant workforce and boasts an annual revenue exceeding PLN 1 billion, underscoring its financial performance and strong market presence. The company's commitment to quality and innovation has positioned it as a key player in the Polish agri-food market.
Attack Overview
The ransomware group Hunters International has claimed responsibility for the attack on SuperDrob S.A. via their dark web leak site. The group alleges that they have obtained 443.8 GB of the company's data and have issued a threat to publish it within the next 3 to 4 days. This attack poses a significant risk to SuperDrob, potentially leading to data breaches, financial losses, and reputational damage.
About Hunters International
Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, following the disruption of the notorious Hive ransomware group. Approximately 60% of the group's ransomware code overlaps with Hive ransomware, indicating a shared technical lineage. Hunters International focuses on exfiltrating target data and extorting victims with ransom demands in exchange for the return of the stolen data.
Investigations have revealed potential ties to Nigeria through domain registrations and email addresses associated with the group. However, the group is known for using fake identities and deceptive methods to conceal their true origins. Despite denying any affiliation with Hive, Hunters International's techniques and operational strategies closely resemble those of the dismantled group.
Potential Vulnerabilities
SuperDrob's extensive operations and significant workforce make it a lucrative target for ransomware groups like Hunters International. The company's reliance on digital systems for production, distribution, and quality control may have presented vulnerabilities that the attackers exploited. The exact method of penetration remains unclear, but common vectors include phishing attacks, exploiting unpatched software vulnerabilities, and leveraging weak network security protocols.