The Hunters International ransomware gang has been seeking to infiltrate corporate networks through attacks that target IT professionals with SharpRhino, a new C#-based remote access trojan, according to BleepingComputer.
Hunters International has used a typosquatted site impersonating the widely used Angry IP Scanner to lure IT workers into downloading an installer. When executed, the installer establishes persistence through a Windows registry modification and injects a PowerShell script that runs a BAT file to launch SharpRhino without being detected, a report from Quorum Cyber revealed. SharpRhino includes commands for timing the next POST request used to retrieve commands and for ending communications, and it could enable PowerShell execution on the host along with additional malicious activity, the researchers said. The development comes nearly a year after Hunters International emerged as a suspected rebrand of the Hive ransomware operation. Since then, Hunters has become one of the most formidable ransomware operations, having compromised Integris Health, Austal USA, Hoya, and the Fred Hutch Cancer Center, among others.