A large sign with the letters "CCOO" on a building, with a screenshot of a tweet about a possible cyber attack overlaid in the top right corner. — Hack Comisiones Obreras | EDATV

Camara — Hack Comisiones Obreras | EDATV

The Threat From a Hacker Group to Ccoo With Revealing Their Financial Data

The deadline is one week to pay the ransom or else the data will be leaked.

25/02/2025 10:33:00h

Jose Andres Jorge Barceló

The cybercriminal group Hunter International has issued an ultimatum to Comisiones Obreras, giving them a one-week deadline to meet their financial demands and avoid the leak of sensitive data.

The organization, considered one of the most active in the field of cybercrime, claims to have extracted 570 gigabytes of information. This information was extracted from the union's servers.

Hunter International, with alleged connections to Russia, specializes in the theft and disclosure of financial and personal data. Entities are primarily the target of their attacks.

Screenshot of a tweet from MetaProtec warning about a possible cyberattack by the hacker group Hunter, who allegedly stole 570.8 GB of data from CCOO and 690,000 files, demanding a multimillion-dollar ransom; the original tweet from HackManac mentions an attack on CCOO services in Spain, with details about the size of the compromised data and the ransom amount.

CCOO hack published on social media | Redes sociales

In this case, the warning directed at the union group led by Unai Sordo was published on the dark web. This is a part of the internet inaccessible to most users and requires specific tools for navigation.

Although the hacker group hasn't detailed how they accessed the information or when the alleged attack occurred, they have set a deadline for the ransom payment: March 2.

They also haven't specified the exact content of the stolen files, which belong to the union's Services federation. However, they have assured that the volume of data amounts to 570.8 gigabytes, distributed across 689,764 files.

Modern architecture building with a geometric design and a red sign with white letters on the facade.

CCOO suffers a hack | Redes sociales

State security sources specialized in combating this type of threat warn that it may be false. They claim that it's common to receive similar warnings and some turn out to be false alarms, but the identity of the attacking group raises concern.

Hunter International is known for its focus on stealing financial information and banking credentials, which could pose a significant risk to the affected organization.

What Is Hunter International?

Hunter International is a cybercriminal group specialized in ransomware attacks. It emerged in October 2023 and operates under a Ransomware as a Service (RaaS) model, meaning it provides tools and resources to other cybercriminals to carry out attacks in exchange for a share of the profits.

This group was formed after the dismantling of the Hive group, a similar criminal organization that was taken down by security agencies in January 2023. Hunter International is said to have acquired Hive's infrastructure and source code, enhancing their techniques to carry out more sophisticated attacks.

Their strategy involves stealing and encrypting sensitive data from their victims, demanding a ransom to prevent the information from being leaked. More than 200 attacks have been reported worldwide, affecting various industries, companies, and government organizations.

Among their methods are exploiting vulnerabilities in Oracle WebLogic servers, using remote access tools like SharpRhino, and spreading within compromised networks before encrypting files and demanding payment.

This group is considered a serious threat in the cybersecurity landscape due to their adaptability and the sophisticated attacks they execute against their targets.

➡️ News