hellokitty
2 incidentes
1 paises
1 sectores
ransomware UA Ultimo: 2026-06-29
Aliases: hellokitty, KittyCrypt, HelloGookie, FiveHands, VICE SPIDER, DEV-0832, Vanilla Tempest, Vicesociety, PrintNightmare, HelloKitty, Zeppelin ransomware
HelloKitty, also known by the alias FiveHands, is a ransomware operation that first emerged in late 2020, with its initial samples observed in October. The group is characterized by its rapid adaptation of new tactics, techniques, and procedures, notably deploying both Windows and Linux variants of its ransomware, including a version targeting VMware ESXi environments. Initially, the group was assessed with moderate confidence to be of Ukrainian origin, though recent activity suggests an evolving geographic footprint with samples uploaded from Chinese IP addresses. Its primary motivation is financial gain through data encryption and extortion, employing double extortion tactics by exfiltrating data prior to encryption and threatening its release or sale. A distinguishing behavior is its customization of ransom notes, often addressing victims by name, and its use of a unique mutex, "HelloKittyMutex," upon execution. The group is also known for sometimes opening a shell terminal to displ
Canales, DLS e infraestructura asociada
Clasificacion automatica desde IntelTracker/APTTrail/OSINT. Estado real solo si viene indicado por la fuente.
Paises objetivo (SOCRadar)
United Arab Emirates
Argentina
Australia
Belgium
Brazil
China
Germany
Spain
France
United Kingdom
Sectores atacados
Software (1)
Sectores objetivo (SOCRadar)
Construction of BuildingsFood ManufacturingOther Information ServicesSoftware PublishersHospitalsAir TransportationManufacturingConstructionElectrical Equipment, Appliance, and Component ManufacturingPublic Administration
URLs nuevas detectadas en IntelTracker