: Targeted infrastructure via Atlassian Jira vulnerabilities and credential theft. Recommendations If you have encountered this file:
: Rar files from threat groups often contain nested malicious scripts or "bombs" designed to compromise the host system.
: Compromised internal ticketing systems via stolen employee logins.
: Exfiltrated hundreds of gigabytes of source code and employee credentials.
: If necessary for research, use sandboxes like Joe Sandbox or Any.Run to observe behavior without risk to your network.
The Hellcat group (formerly known as ICA Group) is led by threat actors using the aliases and Rey . They are known for "humiliation tactics," publicly pressuring victims on leak sites and demanding ransoms in various forms, including unconventional requests like "baguettes" (referring to a specific cryptocurrency or a sarcastic demand during the Schneider Electric breach). Technical Write-up Summary