A medical organization in Oregon that recently reported a breach and data leak inadvertently disclosed that, according to the FBI, the HelloKitty (FiveHands) ransomware is controlled by operators located in Ukraine.
As a rule, law enforcement agencies do not disclose the information they have collected about hacker groups while evidence gathering, surveillance and arrests are still underway. Otherwise, suspects may destroy evidence or take refuge in countries with which the United States has no extradition treaty. This time, however, the “leak” was not the fault of the law enforcement officers themselves.
The recently hacked Oregon Anaesthesiology Group reported this in an official press release.
Although the ransomware HelloKitty, also known as FiveHands, has been active since January 2021, details of the possible location of its operators have not been previously disclosed. This was not mentioned in CISA and FBI IC3 warnings, nor in numerous reports from information security companies, including NCC Group, Cado Security, Malwarebytes, Palo Alto Networks, SentinelOne, and Mandiant.
The FBI issued a warning about the group in October, noting that it has become known for aggressively pressuring its victims with a double-extortion technique.
Let me remind you that this group is known mainly for the CD Projekt Red hack that occurred at the beginning of this year.
The group remains active and continues to carry out ransomware attacks.
Let me remind you that we also wrote about France looking for LockerGoga ransomware developers in Ukraine.