Ransomware Breach: Hunters International Hits EEAS

Incident Date: Nov 04, 2024

Attack Overview
Victim: European External Action Service (EEAS)
Industry: Government
Location: Belgium
Attacker: Hunters International
First Reported: November 4, 2024

Ransomware Attack on the European External Action Service by Hunters International

The European External Action Service (EEAS), the diplomatic arm of the European Union, has been targeted in a ransomware attack by the cybercriminal group Hunters International. This breach has led to the exfiltration of approximately 52.3 GB of sensitive data, sparking significant concerns about the security of diplomatic communications and geopolitical information.

About the European External Action Service

Established in 2010, the EEAS is a key institution within the EU framework, tasked with managing the EU's foreign relations and executing its Common Foreign and Security Policy. Headquartered in Brussels, the EEAS operates under the leadership of the High Representative for Foreign Affairs and Security Policy, Josep Borrell. With over 140 delegations worldwide, the EEAS plays a vital role in representing EU interests globally. Its extensive network and diplomatic functions make it a prominent entity in international relations, but also a prime target for cyber threats.

Attack Overview

Hunters International, a ransomware group that surfaced in October 2023, has taken responsibility for the attack on the EEAS. The group is recognized for its sophisticated ransomware-as-a-service (RaaS) operations, employing double extortion tactics to maximize leverage over victims. By encrypting files and threatening to release stolen data, they exert considerable pressure on organizations to pay ransoms. The breach of the EEAS highlights the ongoing threat posed by ransomware groups to high-profile governmental entities, especially those involved in international diplomacy and security.

Hunters International's Modus Operandi

Hunters International sets itself apart through its use of Hive ransomware code, acquired after Hive's takedown. The group uses advanced techniques, including phishing campaigns, RDP exploitation, and social engineering, to gain initial access to target systems. Their malware, developed in Rust, enables cross-platform targeting, making it highly adaptable to various environments. The attack on the EEAS demonstrates the group's ability to bypass sophisticated security measures and exploit vulnerabilities in governmental networks.

Implications of the Breach

The breach of the EEAS poses significant risks to the security of diplomatic communications and sensitive geopolitical information. As the EEAS plays a crucial role in executing the EU's international relations, the exposure of its data could have far-reaching implications for global diplomacy and security. This incident underscores the need for enhanced cybersecurity measures to protect critical governmental entities from sophisticated cyber threats.
