{"id":1163,"date":"2025-04-08T17:46:10","date_gmt":"2025-04-08T17:46:10","guid":{"rendered":"https:\/\/techtrendfeed.com\/?p=1163"},"modified":"2025-04-08T17:46:10","modified_gmt":"2025-04-08T17:46:10","slug":"hellcat-ransomware-hits-4-companies-utilizing-infostealer-stolen-jira-credentials","status":"publish","type":"post","link":"https:\/\/techtrendfeed.com\/?p=1163","title":{"rendered":"HellCat Ransomware Hits 4 Companies Using Infostealer-Stolen Jira Credentials"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p>Cybersecurity researchers at Hudson Rock have identified a new wave of cyber attacks by the HellCat ransomware group, this time targeting 4 companies across the United States and Europe. The common thread? Stolen Jira credentials, extracted by <strong><a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/hackread.com\/facebook-malvertising-malware-via-fake-bitwarden\/\" data-type=\"post\" data-id=\"122715\" target=\"_blank\" rel=\"noreferrer noopener\">infostealer malware<\/a><\/strong> long before the actual breaches took place.<\/p>\n<h3 id=\"who-got-hit\" class=\"wp-block-heading\"><strong>Who Got Hit<\/strong><\/h3>\n<p>On April 5, 2025, HellCat posted proof of the breaches to their leak site, complete with countdown timers and their signature <strong><code>\u201cJiraware &lt; &lt; 3!!\u201d<\/code><\/strong> tagline. 
According to their posts, they\u2019ve stolen internal files, emails, and financial data, and they\u2019re threatening to leak or sell the data if the companies don\u2019t meet their demands.<\/p>\n<p>The new victims include:<\/p>\n<ul class=\"wp-block-list is-style-cnvs-list-styled-negative\">\n<li><strong>Asseco Poland (Poland)<\/strong> \u2013 a major IT solutions provider<\/li>\n<li><strong>HighWire Press (USA)<\/strong> \u2013 a platform serving scholarly publishers<\/li>\n<li><strong>Racami (USA)<\/strong> \u2013 a firm focused on customer communications tech<\/li>\n<li><strong>LeoVegas Group (Sweden)<\/strong> \u2013 an online gaming and betting company<\/li>\n<\/ul>\n<h3 id=\"how-they-got-in\" class=\"wp-block-heading\"><strong>How They Got In<\/strong><\/h3>\n<p>According to Hudson Rock\u2019s <strong><a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.infostealers.com\/article\/hellcat-ransomware-group-strikes-again-four-new-victims-breached-via-jira-credentials-from-infostealer-logs\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">report<\/a> <\/strong>shared with Hackread.com, the company traced every one of these breaches back to the same root cause: Jira credentials stolen by infostealer malware. 
These malware variants, <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/hackread.com\/hackers-advertising-dark-web-malware\/\" data-type=\"post_tag\" data-id=\"27954\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>StealC<\/strong><\/a>, <strong><a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/hackread.com\/redline-vidar-raccoon-malware-stole-1-billion-passwords-2024\/\" target=\"_blank\" data-type=\"post\" data-id=\"124953\" rel=\"noreferrer noopener\">Raccoon, Redline<\/a><\/strong>, and <strong><a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/hackread.com\/fake-captcha-verification-pages-lumma-stealer-malware\/\" target=\"_blank\" data-type=\"post\" data-id=\"120682\" rel=\"noreferrer noopener\">Lumma Stealer<\/a><\/strong>, harvested login data from infected employee machines months (sometimes years) before the actual attacks.<\/p>\n<p>Once HellCat got their hands on these credentials, they logged into each company\u2019s <strong><a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/hackread.com\/androxgh0st-botnet-iot-devices-exploit-vulnerabilities\/\" target=\"_blank\" rel=\"noreferrer noopener\">Atlassian Jira environment<\/a><\/strong>. From there, they moved through internal systems, grabbed sensitive data, and kicked off their usual ransomware process.<\/p>\n<p>This isn\u2019t a new tactic for them. HellCat has previously used the same method to breach Jaguar Land Rover, Telefonica, Schneider Electric, and Orange, among others. 
It\u2019s a pattern: find credentials in infostealer logs, access Jira, exfiltrate data, and demand ransom.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/hackread.com\/wp-content\/uploads\/2025\/04\/hellcat-ransomware-firms-infostealer-stolen-jira-credentials-1.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"940\" height=\"608\" src=\"https:\/\/hackread.com\/wp-content\/uploads\/2025\/04\/hellcat-ransomware-firms-infostealer-stolen-jira-credentials-1.jpg\" alt=\"HellCat Ransomware Hits 4 Firms using Infostealer-Stolen Jira Credentials\" class=\"wp-image-128384\" srcset=\"https:\/\/hackread.com\/wp-content\/uploads\/2025\/04\/hellcat-ransomware-firms-infostealer-stolen-jira-credentials-1.jpg 940w, https:\/\/hackread.com\/wp-content\/uploads\/2025\/04\/hellcat-ransomware-firms-infostealer-stolen-jira-credentials-1-300x194.jpg 300w, https:\/\/hackread.com\/wp-content\/uploads\/2025\/04\/hellcat-ransomware-firms-infostealer-stolen-jira-credentials-1-768x497.jpg 768w, https:\/\/hackread.com\/wp-content\/uploads\/2025\/04\/hellcat-ransomware-firms-infostealer-stolen-jira-credentials-1-380x246.jpg 380w, https:\/\/hackread.com\/wp-content\/uploads\/2025\/04\/hellcat-ransomware-firms-infostealer-stolen-jira-credentials-1-800x517.jpg 800w\" sizes=\"auto, (max-width: 940px) 100vw, 940px\"\/><\/a><figcaption class=\"wp-element-caption\">Compromised infrastructure of US-based firm Racami (Screenshot: Hudson Rock)<\/figcaption><\/figure>\n<\/div>\n<p>It\u2019s also worth pointing out that a <strong><a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/hackread.com\/infostealers-breach-us-security-military-fbi-hit\/\" target=\"_blank\" rel=\"noreferrer noopener\">recent report<\/a><\/strong> from Hudson Rock also revealed how infostealers, some sold for as little as $10, have compromised critical infrastructure worldwide. 
Even more concerning, the affected systems include employee machines at the FBI, Lockheed Martin, Honeywell, and branches of the US military.<\/p>\n<h3 id=\"why-jira\" class=\"wp-block-heading\"><strong>Why Jira?<\/strong><\/h3>\n<p>Jira is more than just a project management tool. In many companies, it\u2019s the main system connected to development workflows, customer data, internal documentation, and system access controls. If attackers can get into Jira, they can often get into almost everything else.<\/p>\n<p>That\u2019s exactly what makes it such a high-value target for ransomware groups like HellCat. And since many organizations don\u2019t treat Jira accounts with the same level of security as, say, email or VPN access, it becomes an easy win for attackers.<\/p>\n<h3 id=\"the-bigger-problem-infostealers\" class=\"wp-block-heading\"><strong>The Bigger Problem: Infostealers<\/strong><\/h3>\n<p>Researchers believe that HellCat\u2019s modus operandi only works because infostealer malware infects user devices and steals saved logins, cookies, session tokens, and more. The data is either <strong><a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/hackread.com\/anydesk-logins-credentials-sold-on-dark-web\/\" target=\"_blank\" data-type=\"post\" data-id=\"112805\" rel=\"noreferrer noopener\">sold on dark web markets<\/a><\/strong> or used directly by groups like HellCat.<\/p>\n<p>Hudson Rock\u2019s own data, based on over 30 million infected systems, shows that hundreds of companies have Jira-related credentials stored in infostealer logs. 
In these latest cases, the stolen credentials were just sitting there, unmonitored and unchanged, giving HellCat all the time it needed to prepare the breach.<\/p>\n<h3 id=\"what-companies-should-be-doing\" class=\"wp-block-heading\"><strong>What Companies Should Be Doing<\/strong><\/h3>\n<p>There are some steps companies can take to reduce the risk of attacks like these. First, it\u2019s important to monitor for infostealer infections using tools that can flag stolen credentials before they\u2019re used. If any signs of malware show up, compromised logins should be reset immediately, access reviewed, and suspicious activity tracked closely.<\/p>\n<p>Jira, in particular, should be locked down with multi-factor authentication, restricted access, and proper network segmentation to limit how far an attacker can get if they break in. And since many of these infections start with phishing or dangerous downloads, regular employee training goes a long way in preventing them in the first place.<\/p>\n<p>Still, HellCat isn\u2019t doing anything out of the box because they don\u2019t have to. As long as organizations leave stolen credentials unchecked and keep using single-layer authentication for tools like Jira, groups like HellCat will keep taking over.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity researchers at Hudson Rock have identified a new wave of cyber attacks by the HellCat ransomware group, this time targeting 4 companies across the United States and Europe. The common thread? Stolen Jira credentials, extracted by infostealer malware long before the actual breaches took place. 
Who Got Hit On April 5, 2025, HellCat [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":1165,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[483,1018,1016,1017,1019,1020,500],"class_list":["post-1163","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-credentials","tag-firms","tag-hellcat","tag-hits","tag-infostealerstolen","tag-jira","tag-ransomware"],"_links":{"self":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/1163","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1163"}],"version-history":[{"count":1,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/1163\/revisions"}],"predecessor-version":[{"id":1164,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/1163\/revisions\/1164"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/media\/1165"}],"wp:attachment":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1163"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1163"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1163"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}