Hamister Group - Ransomware Impact Report (Qilin)
Summary
Hamister Group, a holding company, has been attacked by the Qilin ransomware group. The attack is characterized by the use of sophisticated malware, remote access to system control, and manipulation of financial data.
The Victim
Hamister Group is a Holding Companies & Conglomerates business with global operations. Within its corporate structure, indicators of compromise were identified on critical servers and enterprise management systems.
The Attacking Group
The ransomware group is identified as part of a global logistics network operating in multiple countries. Its malware uses stealthy execution techniques to evade detection and establishes persistence through system scripts.
Attack Timeline
| Date (UTC) | Event | Action Taken | Impact |
|---|---|---|---|
| 2026-05-18T03:45:22Z | Initial infection | Remote access to the administration server (IP 192.168.10.x) | Data compromised |
| 2026-05-19T14:30:05Z | Persistence established | Backup cron job with a malicious script (PID 2847) | Data compromised |
| 2026-05-19T18:00:33Z | Exfiltration attempt | Data transfer to an external server (IP 45.77.x.y) | Data compromised |
| 2026-05-19T22:15:18Z | Ransomware deployment | Execution of the encryption script (RCE, C++) | Data compromised |
| 2026-05-29T18:33:47Z | Cryptominers deployed | Installation of a Bitcoin mining script (PID 3000) | Data compromised |
| 2026-05-29T18:47:22Z | Cryptominers active | Server power consumption rising (PID 3000) | Data compromised |
| 2026-05-29T18:47:45Z | Cryptominers active (CPU 100%) | Server CPU at 100% | Data compromised |
| 2026-05-29T18:47:53Z | Cryptominers active (Memory 99%) | Server memory at 99% | Data compromised |
| 2026-05-29T18:47:54Z | Cryptominers active (Network 98%) | Server network at 98% | Data compromised |
| 2026-05-29T18:47:55Z | Cryptominers active (Storage 99%) | Server storage at 99% | Data compromised |
| 2026-05-29T18:47:57Z | Cryptominers active (Process 99%) | Server processes at 99% | Data compromised |
| 2026-05-29T18:47:58Z | Cryptominers active (Network 99%) | Server network at 99% | Data compromised |
| 2026-05-29T18:47:59Z | Cryptominers active (Memory 99%) | Server memory at 99% | Data compromised |
| 2026-05-29T18:47:59Z | Cryptominers active (Storage 99%) | Server storage at 99% | Data compromised |
| 2026-05-29T18:47:59Z | Cryptominers active (Network 99%) | Server network at 99% | Data compromised |
| 2026-05-29T18:47:59Z | Cryptominers active (Process 99%) | Server processes at 99% | Data compromised |
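A timeline in the shape above is only useful to a responder once the repeated resource-spike rows are collapsed and the few events that matter are pulled out: the cron-based persistence, the transfer to a non-RFC1918 address, and the miner pegging CPU and memory. The Python below is an added triage helper written for this report; it is not code from the report or from any tool the attacker used. The sample rows are constructed to mirror the table, and because the report masks IP octets as x/y, the addresses 192.168.10.25 and 45.77.12.34 are hypothetical complete values; the 60-second collapse window and the 90% exhaustion threshold are likewise assumptions.

```python
"""Triage helper for a pipe-delimited incident timeline (added example, not part of the report)."""
import ipaddress
import re
from collections import OrderedDict
from datetime import datetime, timedelta

# Constructed sample in the same column layout as the report's timeline table.
# The report masks IP octets (192.168.10.x, 45.77.x.y); the full addresses here are hypothetical.
SAMPLE_TIMELINE = """\
| 2026-05-18T03:45:22Z | Initial infection | Remote access to the administration server (IP 192.168.10.25) | Data compromised |
| 2026-05-19T14:30:05Z | Persistence established | Backup cron job with a malicious script (PID 2847) | Data compromised |
| 2026-05-19T18:00:33Z | Exfiltration attempt | Data transfer to an external server (IP 45.77.12.34) | Data compromised |
| 2026-05-19T22:15:18Z | Ransomware deployment | Execution of the encryption script (C++) | Data compromised |
| 2026-05-29T18:33:47Z | Cryptominers deployed | Installation of a Bitcoin mining script (PID 3000) | Data compromised |
| 2026-05-29T18:47:45Z | Cryptominers active (CPU 100%) | Server CPU at 100% | Data compromised |
| 2026-05-29T18:47:53Z | Cryptominers active (Memory 99%) | Server memory at 99% | Data compromised |
| 2026-05-29T18:47:59Z | Cryptominers active (Memory 99%) | Server memory at 99% | Data compromised |
| 2026-05-29T18:47:59Z | Cryptominers active (Memory 99%) | Server memory at 99% | Data compromised |
"""

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
PCT_RE = re.compile(r"\((\w+)\s+(\d{1,3})%\)")  # e.g. "(CPU 100%)" in the event column


def parse_timeline(text):
    """Parse table rows into dicts with a real datetime; header and separator rows are skipped."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0].startswith("---") or cells[0].startswith("Date"):
            continue
        ts = datetime.strptime(cells[0], "%Y-%m-%dT%H:%M:%SZ")
        rows.append({"ts": ts, "event": cells[1], "action": cells[2], "impact": cells[3]})
    return rows


def dedupe(rows, window=timedelta(seconds=60)):
    """Collapse a run of identical (event, action) rows seen within `window` of the first one,
    keeping the first timestamp and a repeat count instead of dozens of near-identical lines."""
    out = []
    for r in rows:
        last = out[-1] if out else None
        same = last and (last["event"], last["action"]) == (r["event"], r["action"])
        if same and r["ts"] - last["ts"] <= window:
            last["repeats"] += 1
            continue
        out.append(dict(r, repeats=1))
    return out


def classify(row):
    """Map one row to a coarse phase plus the flags a responder would act on:
    a destination outside private address space, cron-based persistence, resource exhaustion."""
    flags = []
    text = f"{row['event']} {row['action']}"
    for ip_str in IP_RE.findall(text):
        ip = ipaddress.ip_address(ip_str)
        if not ip.is_private:  # RFC1918 / loopback / link-local stay unflagged
            flags.append(f"external_ip:{ip}")
    if "cron" in text.lower():
        flags.append("cron_persistence")
    m = PCT_RE.search(row["event"])
    if m and int(m.group(2)) >= 90:  # assumed threshold for "resource pegged"
        flags.append(f"resource_exhaustion:{m.group(1).lower()}")
    ev = row["event"].lower()
    if ev.startswith("initial"):
        phase = "initial_access"
    elif "persistence" in ev:
        phase = "persistence"
    elif "exfiltration" in ev:
        phase = "exfiltration"
    elif "ransomware" in ev:
        phase = "impact_encryption"
    elif "cryptominer" in ev:
        phase = "resource_hijacking"
    else:
        phase = "unknown"
    return phase, flags


def triage(text):
    """Return phase -> {first_seen, events, flags}, in first-seen order, for a timeline table."""
    summary = OrderedDict()
    for r in dedupe(parse_timeline(text)):
        phase, flags = classify(r)
        entry = summary.setdefault(phase, {"first_seen": r["ts"], "events": 0, "flags": set()})
        entry["events"] += r["repeats"]
        entry["flags"].update(flags)
    return summary


if __name__ == "__main__":
    for phase, info in triage(SAMPLE_TIMELINE).items():
        print(f"{info['first_seen']:%Y-%m-%d %H:%M:%S}  {phase:<20} events={info['events']:<3} flags={sorted(info['flags'])}")
```

The private-address check is the part worth keeping in a real pipeline: the report's "remote access" row names a 192.168.10.x host, which `ip.is_private` correctly leaves unflagged, while the 45.77.x.y transfer is what actually needs a firewall and proxy log pull. The three memory rows collapse into one entry with `repeats == 3`, which is the same treatment the dozens of identical 18:47:59 rows in the original table deserve.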