Cyber Threat Actor: Hunters International
| Actor Type | Location | Known Incidents |
Criminal
|
Namibia
|
3 incidents |
|---|
Profile
Hunters International is athreat actor identified by that alias and has been associated with operations originating from Namibia. The group functions as a ransomware entity that conducts attacks involving encryption of victim data and subsequent extortion attempts. Public reporting has linked Hunters International to several disclosed cyber incidents across different countries. No public attribution to a state sponsor or larger criminal consortium has been established for the actor. Its activity is primarily documented in the context of financially driven cybercrime rather than espionage or disruptive campaigns.
Hunters International has targeted organizations in sectors such as electricity utilities, trade unions, and telecommunications providers, with observed incidents in the Dominican Republic, Spain, and Namibia. The group’s tactics include the use of ransomware that encrypts files and the threat to publish stolen information on the dark web if ransom demands are not met, a method commonly described as double extortion. Reporting notes that the actor has a history of targeting critical sectors like healthcare and logistics, suggesting a focus on entities where data leakage could increase pressure to pay. The group’s reliance on phishing campaigns to deliver malware has been cited as a likely initial access vector in at least one of the reported incidents. These behaviors indicate a pattern of seeking financial gain through data hostage and leak tactics rather than pursuing political or intelligence objectives.
In the Telecom Namibia case, the attackers leaked customer data including identification numbers, payslips, and banking details after the victim refused to comply with ransom demands, demonstrating the group’s willingness to follow through on leak threats. The Edesur Dominicana incident involved the group claiming compromise while the victim denied any actual breach, illustrating how Hunters International uses public assertions to amplify pressure on targets. The attack on the Confederación Sindical de Comisiones Obreras resulted in the alleged exfiltration of approximately 570 GB of sensitive data across multiple departments, highlighting the scale of information the actor can gather and threaten to release. Collectively, these examples show that Hunters International relies on phishing‑based initial access, ransomware encryption, and double extortion leak threats as core components of its operational method.
