Germany and the United States of America: Hacking the “Hive” Hacker Network

According to the authorities in Germany and the United States, the global network of hackers “Hive” was broken. It has been blamed for more than 1,500 serious cyberattacks on businesses worldwide.

Investigators from Germany and the United States have dealt a major blow to an international network of cybercriminals and extortionists. The “Hive” hacker group has been said to be responsible for more than 1,500 serious cyberattacks against companies and organizations around the world in the past year and a half, according to the US Department of Justice and the Stuttgart attorney general’s office.

More than 70 attacks have been directed against facilities in Germany. According to investigators’ estimates, the damage to the affected companies and public institutions “runs into the billions.”

Preventing the payment of ransoms in the millions

“Since July of last year, we have assisted more than 300 victims around the world, preventing nearly $130 million from paying the ransom,” US Attorney General Merrick Garland told a news conference in Washington.

He thanked international partners – especially Germany and the Netherlands – for cross-border cooperation.

Crucial information from Germany

According to the Stuttgart Public Prosecutor’s Office, cyber specialists in Esslingen, Baden-Württemberg, last year succeeded in penetrating the criminal IT infrastructure of the perpetrators. So they determined that a company in the area had been the victim of an attack. She added that specialists could then trace the previously unknown “Hive” network and finally give international partners the decisive clue.

During the investigation, the servers and “data and accounts of the network and its users” were confiscated, said the Stuttgart public prosecutor’s office and the police headquarters in Reutlingen.

Over $100 million in ransom stolen

According to the information, the network is the “Hive Ransomware” group, which not only encrypts the important data of the victims, but also developed extortion tools to pressure the victims by publishing sensitive data. Thus, the hackers succeeded in siphoning off more than 100 million US dollars (about 92 million euros) in ransom payments in recent years.

Ransomware is one of the most serious cyber security threats in years. Malware blocks computers or encrypts data. Users are then asked to pay a ransom to decrypt the data again. Billing is often done in the digital currency Bitcoin.

“The tables have just turned.”

The FBI then managed to infiltrate the network control center in July 2022 and obtain software keys to decrypt the locked data, said Christopher Wray, director of the FBI, from victims around the world.

Assistant United States Attorney Lisa Monaco summed it up: “Simply put, we hacked the hackers through legal means and turned the tables.”

Hospitals, school districts, financial companies, and also critical infrastructure areas were among the hackers’ victims. US Attorney General Garland added that because of the attack, a clinic in the US could no longer accept new patients and no longer had access to electronic patient data.

One of the five largest hacker networks in the world

The “Hive Ransomware” hacker’s website in the dark web is now offline. In addition to the US judiciary, the Secret Service, the FBI, Europol and the Federal Criminal Police Office in Wiesbaden, the security authorities of other countries were also involved in the investigation, including the Netherlands, Great Britain, France, Norway and Romania.

It is not yet clear how the success of the investigation will affect the functioning of the beehive in the long term. No arrests have been announced yet. She added that the syndicate runs one of the five leading hacker networks in the world. FBI Director Ray said the investigation was ongoing: “Anyone involved in the ‘beehive’ should be concerned.”