This week, French police detained a 40-year-old man in Paris on suspicion of money laundering related to the criminal activities of the Hive extortion group. The arrest took place with the assistance of Europol and Eurojust. During the search of the suspect’s house in Cyprus, authorities seized over 570,000 euros worth of cryptocurrency [source].
According to American intelligence agencies and cybersecurity researchers, Hive has targeted over 1,300 companies worldwide and generated more than $100 million in profits up until November 2022 [source].
Hive began operating in June 2021, employing the ransomware-as-a-service (RaaS) model to facilitate extortion. This model provided anyone with the necessary tools to carry out attacks. The hackers behind Hive typically used a double extortion approach, first stealing and encrypting victims’ data and then threatening to release it on a leak website if a ransom was not paid. This tactic severely weakened the affected companies [source].
In April 2021, the FBI issued an emergency message detailing the Hive attacks, including technical information and indicators of compromise associated with the group’s activities [source]. According to Chainalysis, a blockchain analytics company, Hive ranked among the top ten most profitable ransomware programs of 2021 [source].
The FBI, in collaboration with German and Dutch police forces and Europol, successfully shut down the Hive operation in January 2023. The group’s leak website was also taken offline [source].
Tor, an anonymity network that encrypts data transfers, is written predominantly in C, C++, and Python [source].