Crimson Collective

Oct 16, 2025

Threat Overview - Crimson Collective

Crimson Collective is an emerging cyber threat group that has recently focused on cloud environments, particularly AWS instances, cloud-based GitLab deployments, and other critical enterprise cloud infrastructure. Its observed activity indicates that the group has evolved from opportunistic attacks into highly targeted campaigns that leverage stolen credentials, misconfigured cloud resources, and supply chain access to infiltrate enterprise networks. Over the past few months, the collective has been linked to data exfiltration incidents affecting organizations in North America, Europe, and Asia, including those in the high-value technology and software development sectors. Nintendo, for example, has allegedly been among its high-profile targets.

The group’s operations allow attackers to gain unauthorized access to sensitive source code repositories, cloud storage, and internal documentation, enabling both financial extortion and strategic theft of intellectual property. These campaigns have led to significant operational disruption, reputational damage, and potential compliance violations for affected organizations.

Crimson Collective Hunt Collection

AWS Relational Database Service (RDS) Discovery

This Hunt Package identifies activity that could be associated with discovery behaviors targeting AWS Relational Database Service (RDS) environments.

AWS Network Level Information Discovery

This Hunt Package identifies activity that could be associated with discovery behaviors targeting AWS network configuration and infrastructure.

AWS Elastic Compute Cloud (EC2) Discovery

This Hunt Package identifies activity that could be associated with discovery behaviors targeting AWS Elastic Compute Cloud (EC2) environments.

AWS General Discovery Activity

This Hunt Package identifies activity that could be associated with discovery behaviors targeting AWS Identity and Access Management (IAM), Elastic Compute Cloud (EC2), Elastic Block Store (EBS), Simple Storage Service (S3), Network, Relational Database Service (RDS), Monitoring and Alerts, Messaging, and Application services and infrastructure.

AWS Messaging Discovery

This Hunt Package identifies activity that could be associated with discovery behaviors targeting AWS Messaging services.

AWS Simple Storage Service (S3) Discovery

This Hunt Package identifies activity that could be associated with discovery behaviors targeting AWS Simple Storage Service (S3) environments.

AWS Application Discovery

This Hunt Package identifies activity that could be associated with discovery behaviors targeting AWS Application services.

AWS Monitoring And Alert Discovery

This Hunt Package identifies activity that could be associated with discovery behaviors targeting AWS Monitoring and Alert services.

AWS Elastic Block Store (EBS) Discovery

This Hunt Package identifies activity that could be associated with discovery behaviors targeting AWS Elastic Block Store (EBS).

AWS Identity And Access Management (IAM) Discovery

This Hunt Package identifies activity that could be associated with discovery behaviors targeting AWS Identity and Access Management (IAM).
