CrazyHunter Campaign Targets Taiwanese Critical Sectors
Essential information
- Published
- 16/04/2025 14:00
- Modified
- 16/04/2025 14:21
- Tags
- 2025-04-16 byovd critical sectors gpo exploitation open-source tools prince ransomware prince ransomware builder ransomware taiwan zammocide
- Related entities
- 9 observables, 1 intrusion sets (apt), 11 techniques (mitre), 1 malware, 4 others
Description
The CrazyHunter ransomware group has emerged as a significant threat, specifically targeting Taiwanese organizations in healthcare, education, and industrial sectors. The group employs sophisticated techniques, including the Bring Your Own Vulnerable Driver (BYOVD) method, to bypass security measures. They have expanded their toolkit by integrating open-source tools from GitHub, such as the Prince Ransomware Builder and ZammoCide. Approximately 80% of CrazyHunter's toolkit consists of open-source tools. The group's focus on Taiwan's critical sectors raises concerns about potential disruptions to essential services. Their evolving tactics and use of readily available tools highlight the need for enhanced cybersecurity measures to counter this emerging threat.