FBI FLASH: Indicators of Compromise Associated with Hive Ransomware

The FBI has published another TLP:WHITE FLASH providing indicators of compromise associated with “Hive” ransomware. The Flash indicates that Hive ransomware, which was first discovered in June 2021 and likely operates as an affiliate-based ransomware campaign, primarily employs phishing tactics and remote desktop protocol (RDP) attacks to infiltrate a company’s network. After compromising a network, attackers exfiltrate data and encrypt files on the network before leaving a ransom note with further instructions. The FLASH includes further technical details regarding this activity, including indicators of compromise, and lists recommended mitigations. It also encourages partners to report suspicious or criminal activity to their local FBI field office or the FBI’s 24/7 CyberWatch (CyWatch) at (855)292-3937 or Cy*****@*bi.gov.