Cyber Threat Actor: Hash
| Actor Type | Location | Known Incidents |
Criminal
|
—
|
0 incidents |
|---|
Profile
Hash is an alias used by an individual or group that identifies itself as an initial access broker (IAB). The actor first came to public attention when it claimed to have compromised the internal network of Deutsche Bank, a multinational investment bank, and offered that access for sale on a Telegram channel. According to the actor’s announcement, the compromise yielded access to roughly twenty‑one thousand machines, the majority of which run Windows and are protected by a Symantec endpoint detection and response solution. The actor also asserted that the bank’s internal network is protected by filters for TCP, UDP, HTTP and HTTPS traffic, that employees communicate via internal chat services, and that file servers contain more than sixteen terabytes of internal data, including a share folder for each user. Additional claimed assets include a Flexcube database, virtual desktop infrastructure, virtual private network access, and a full domain dump containing domain administrator credentials. The asking price for this access was set at 7.5 bitcoin, which the actor noted was worth approximately $156,000 at the time, and the actor said it was receiving numerous inquiries about the offer.
The actor’s claimed capabilities suggest a focus on gaining and selling persistent footholds within large corporate environments rather than deploying specific malware families or exploiting particular vulnerabilities; the announcement emphasizes possession of already‑compromised assets such as chat logs, file stores, and administrative credentials. Security researcher Dominic Alvieri speculated that the same actor might be the individual who previously offered access to the systems of Australian health insurer Medibank, although this connection remains unverified speculation rather than an established fact. No explicit attribution to a nation‑state, criminal syndicate, or other affiliations is provided in the source material, and the actor is described solely in terms of its role as an initial access broker. The primary motive articulated in the reporting is financial, as the actor seeks monetary compensation in cryptocurrency for the network access it purports to sell. No details about the size, structure, or broader operational goals of the group Hash are supplied beyond what is contained in the announcement and the researcher’s commentary.
