Crazyhunter Team

Parsing : Enabled

Description

CrazyHunter is a rising ransomware threat first detected in early 2025, with particularly dangerous campaigns targeting Taiwanese critical infrastructure sectors such as healthcare, education, manufacturing, and industrial services. Technically sophisticated, its toolkit is composed of approximately 80% open-source tools, including the Prince Ransomware Builder (for encryption), ZammoCide (for defense evasion via BYOVD techniques), and SharpGPOAbuse (enabling lateral movement via Group Policy). In a notable incident like the February attack on Mackay Memorial Hospital, attackers employed a USB-based infection vector, then escalated privileges using vulnerable signed drivers (e.g., zam64.sys) to disable security defenses. The ransomware appends extensions like .Hunted3 and displays “Decryption Instructions.txt” as ransom notes. The group maintains a data leak site where it publicly claims multiple Taiwanese organizations as victims.

External Analysis
https://www.trendmicro.com/en_us/research/25/d/crazyhunter-campaign.html
https://labs.withsecure.com/publications/crazyhunter-ransomware
https://darkreading.com/threat-intelligence/ransomware-gang-crazyhunter-critical-taiwanese-orgs
https://threats.wiz.io/all-incidents/crazyhunter-ransomware-group-targets-critical-sectors-in-taiwan
https://www.broadcom.com/support/security-center/protection-bulletin/crazyhunter-a-new-prince-ransomware-variant
https://www.pcrisk.com/removal-guides/32577-crazyhunter-ransomware
https://www.semperis.com/blog/hospital-cyberattacks-highlight-active-directory-security-importance
Telegram
https://t.me/CrazyHuntersTeam
Tox
E8481B6E149862EEEA79668EBBC50B96A6B6529C5DDD905491E2F838EF7D174FB73DB97F1FFD
Urls
Screen
http://7i6sfmfvmqfaabjksckwrttu3nsbopl3xev2vbxbkghsivs5lqp4yeqd.onion/
Screen
File servers
Screen
Chat servers
Screen
Admin servers
Screen

Posts

Date Title Description Screen
2025-03-30
Taiwan - Netronix Inc
Screen
2025-03-24
Johnson Fitness
Screen
2025-03-16
Taiwan - KD Panels
Screen
2025-03-09
Taiwan - Changhua Christian Hospital
Screen
2025-03-09
Taiwan - Huacheng Electric
2025-03-09
Taiwan - Mackay Hospital
Screen
2025-03-09
Taiwan - Asia University Hospital
Screen
2025-03-09
Taiwan - Asia University
Screen