In a massive international effort, investigators from seven different countries teamed up with Europol and Eurojust to nab several key suspects in Ukraine linked to the RaaS (Ransomware as a Service) operation called Hive. This group was allegedly behind a string of major cyberattacks that caused damage running into hundreds of millions of euros, Europol revealed in a press statement.
More than 20 investigators from Norway, France, the Netherlands, Ukraine, Switzerland, the USA, and Germany were on the ground in Kyiv, lending support to the Ukrainian National Police in their investigative efforts. Both the Public Prosecutor’s Office in Stuttgart and the Reutlingen Police Department issued a joint press release detailing the recent developments.
The coordinated operation saw a total of 30 searches conducted in regions including Kyiv, Cherkasy, Rivne, and Vinnytsia on November 21. During these searches, investigators made significant headway, apprehending the 32-year-old alleged leader of the hacker group and four of their top collaborators. Additionally, a virtual command center was established in the Netherlands to swiftly analyze the seized data.
These individuals are accused of participating in ransomware attacks targeting organizations across 71 countries. According to Europol, their investigations revealed that the group encrypted over 250 servers belonging to major companies, resulting in staggering damages. Previous victims of the Hive ransomware included the IT systems of Potsdam city and the MediaMarktSaturn Group.
Interestingly, initial arrests linked to the Hive ransomware occurred in Ukraine back in 2021. Forensic analyses of devices seized during those arrests helped investigators identify further suspects, ultimately leading to these recent apprehensions.
Aside from Hive, the alleged hackers reportedly utilized other ransomware strains like LockerGoga, MegaCortex, and Dharma. They also employed brute-force attacks, SQL injections, and phishing emails to gain access to user accounts and infiltrate the networks of their target organizations. Once inside these networks, they utilized additional hacking tools like Trickbot, Cobalt Strike, and PowerShell Empire to compromise numerous systems.