Germany and USA: Hacker network “Hive” smashed

As of: 01/26/2023 7:17 p.m

Authorities in Germany and the USA say they have smashed the global hacker network “Hive”. It is blamed for more than 1500 serious cyber attacks on companies worldwide.

Investigators from Germany and the USA have struck a major blow against an international network of cybercriminals and extortionists. The hacker group “Hive” is said to have been responsible for more than 1,500 serious cyber attacks against companies and organizations worldwide in the past year and a half, according to the US Department of Justice and the public prosecutor’s office in Stuttgart.

More than 70 attacks were directed against facilities in Germany. According to investigators’ estimates, the damage caused to the affected companies and public institutions is likely to “run into the billions”.

Ransom payments in the millions prevented

“Since July of last year, we have assisted more than 300 victims around the world, preventing approximately $130 million in ransom payments,” US Attorney General Merrick Garland said at a news conference in Washington.

He thanked the international partners – especially Germany and the Netherlands – for the cross-border cooperation.

Crucial information from Germany

According to the public prosecutor’s office in Stuttgart, cyber specialists in Esslingen, Baden-Württemberg, succeeded last year in penetrating the perpetrators’ criminal IT infrastructure. They had been investigating because a company in the district had been the victim of an attack. The specialists were then able to trace back the previously unknown “Hive” network and finally give the international partners the decisive clue, it said.

In the course of the investigation, servers were confiscated and “data and accounts of the network and its users were secured,” said the public prosecutor’s office in Stuttgart and the police headquarters in Reutlingen.

More than $100 million in ransom captured

According to the information, the network is the “Hive Ransomware” group, which not only encrypts victims’ important data, but has also developed blackmail tools to put pressure on the victims by publishing sensitive data. The hackers have thus succeeded in capturing more than 100 million US dollars (around 92 million euros) in ransom payments in recent years.

Ransomware has been considered the most serious cybersecurity threat for years. The malicious programs block computers or encrypt data. Users are then asked to pay a ransom to have the data decrypted again. Payment is often made in the digital currency Bitcoin.

“Just turned the tables”

The FBI was then able to sneak into the network’s control center in July 2022 and obtain software keys to decrypt locked data from victims worldwide, said FBI Director Christopher Wray.

US Assistant Attorney General Lisa Monaco summed it up: “Put simply, we hacked the hackers by legal means and turned the tables.”

Hospitals, school districts, financial companies and also areas of critical infrastructure were among the victims of the hackers. Because of the attack, a clinic in the USA could no longer accept new patients and no longer had access to electronic patient data, added US Attorney General Garland.

One of the top five hacker networks in the world

The dark web site of the “Hive Ransomware” hackers is now offline. In addition to the US judiciary, the Secret Service, the FBI, Europol and the Federal Criminal Police Office in Wiesbaden, the security authorities of other countries were also involved in the investigation, including the Netherlands, Great Britain, France, Norway and Romania.

It is not yet clear how the success of the investigation will affect the functioning of “Hive” in the long term. Arrests have not yet been announced. The syndicate operates one of the five leading hacker networks in the world, it said. FBI Director Wray said the investigation is ongoing: “Anyone involved with ‘Hive’ should be concerned.”

Strike against cybercrime succeeded: hacker network “HIVE” smashed

Thomas Fritzmann, SWR, 26.1.2023 5:25 p.m
