Information technology professionals: beware of SharpRhino, a malware variant attributed to cybercriminals associated with Hunters International. It is being reported that Hunters International is the “10th most active ransomware group in 2024.” Hunters International has “claimed responsibility for 134 attacks in the first seven months of 2024.” It has been linked to the defunct Russian-based Hive ransomware group. Hunters International is known as a Ransomware-as-a-Service provider, which increases the risk that other threat actors will use its techniques.

The Quorum Cyber Incident Response Team has identified the SharpRhino malware, a Remote Access Trojan (RAT) that uses the C# programming language and is “delivered through a typosquatting domain impersonating the legitimate tool Angry IP Scanner.” This allows the threat actor, with remote access to the device, to obtain escalated privileges and proceed with the attack without detection.

Quorum Cyber has outlined the tools, techniques, and procedures of SharpRhino and Hunters International in its post, including samples, hashes, signing information, how it is installed, the C# code, IOCs, and MITRE ATT&CK mapping. Since this malware is targeted at IT professionals, you may consider giving a heads up to your IT professional staff.

Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law. Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island.