cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Hunters International takes credit for Hoya Optics attack, demands US$10m

The recent cyber attack on Japanese optics giant Hoya has turned out to be a ransomware attack by Hunters International, which is demanding US$10 million to prevent the release of exfiltrated data.

user icon Daniel Croft
Fri, 12 Apr 2024
Hunters International takes credit for Hoya Optics attack, demands US$10m
expand image

Hoya Optics initially released a statement on 1 April saying it had experienced an “IT incident” late in March, mentioning no indication of a cyber attack but that the incident led to some of its systems going offline.

However, in a PDF advisory on the incident, Hoya described an event that indicates the outage may have been caused by a cyber attack, saying that it is most likely that a third party had accessed its systems.

“In the morning of March 30, 2024, we discovered a discrepancy in system behaviour at one of our overseas offices and confirmed that a system failure had occurred,” it said.


“We also engaged external forensic investigators who reported that this incident was most likely caused by unauthorised access to our servers by a third party.”

Now, as first reported by French publication LeMagIT, the infamous Hunters International ransomware gang has claimed responsibility for the attack and has listed the company’s data for a whopping $10 million.

According to the threat group, it exfiltrated 1.7 million files that make up two terabytes of data. Additionally, Hunters International has said that with this ransom, there is no negotiation or available discount.

Hoya has yet to provide an update since its initial press release earlier this month.

Hunters International is a relatively young ransomware gang, having first appeared in October last year. In a short time, it has launched a number of high-profile attacks, including on the US subsidiary of Australian shipbuilder and defence contractor Austal.

While Hunters International’s origins are up for debate, several cyber experts have concluded that the group appeared out of the ashes of the Hive ransomware group, which was taken down by the FBI midway through last year.

Based on reports, Hunters International has been observed using the same malware code as Hive, with researchers noting a number of substantial code overlaps.

“It appears that the leadership of the Hive group made the strategic decision to cease their operations and transfer their remaining assets to another group, Hunters International,” wrote Bitdefender in a report.

“While Hive has been one of the most dangerous ransomware groups, it remains to be seen if Hunters International will prove equally or even more formidable.”

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.