Global fashion company Benetton Group has allegedly been attacked by the ransomware gang Hunters International. The cybercriminals claim to have exfiltrated 433GB of data.

Hunters International listed Benetton Group on its leak site on April 3rd, at around 6 p.m. GMT.

There’s no official confirmation about the incident yet, and it is unclear what systems or data may have been affected. Cybernews has reached out to Benetton Group and is awaiting a response.

Ten files containing 33.8MB of Clients’ data will be disclosed after one day and 16 hours, according to the dark web posting by the gang. No data samples are provided, nor are any threats listed.

Such action may be part of a common extortion technique used by ransomware groups, as they typically release parts of sensitive data publicly if a ransom is not paid within a specified timeframe.

Benetton Group is one of the world’s best-known fashion companies and is based in Ponzano Veneto, Italy. The network has about 4,000 stores and more than 6000 employees worldwide, according to the company’s website.

Hunters rose from the ashes of Hive

Hunters International emerged on the ransomware scene after one of the world’s most dangerous ransomware groups, Hive, disappeared after being infiltrated by the FBI.

A new gang, Hunters International, recorded a sudden increase in activity using a similar code since last October.

“It appears that the leadership of the Hive group made the strategic decision to cease its operations and transfer its remaining assets to another group, Hunters International,” according to Bitdefender’s report.

The gang has itself challenged the initial consensus that Hive has simply rebranded to Hunters.

“We started to see that someone falsely decided that we are the Hive ransomware group based on a 60% similarity of encryption code. All of the Hive source codes were sold including the website and old Golang and C versions and we are those who purchased them. Unfortunately for us, we found a lot of mistakes that caused unavailability for decryption in some cases. All of them were fixed now,” Hunters International said, addressing the speculation in a rare statement.

Hunters claims to focus on data exfiltration rather than data encryption, using the chance to acquire proven ransomware code from the dismantled group. The gang appears to be opportunistic, with no specific focus on regions or industries.

“In double-extortion scenarios, the goal is not just to encrypt but also to steal data. Even a functional backup may not fully address this issue, as the stolen data remains a concern, highlighting the importance of a defense-in-depth security approach,” Bitdefender researchers warn.

According to the Cybernews Ransomlooker tool, Hunters International was among the top five most active ransomware gangs last month. They claimed 23 victims in March and 89 victims in total since October 2023.