TimisoaraHackerTeam (THT)

Threat Actor

THT is named after a Romanian town, and its source code also appears to have been produced by Romanian speakers. Researchers have not yet determined which overarching family the THT ransomware group belongs to.

Researchers discovered the group in July 2018, when it surfaced with its characteristic tactic of abusing legitimate tools such as Microsoft Bitlocker, rather than developing its own tools to encrypt victim files. What is known, however, is that the group is not against targeting hospitals.

Incidents Associated with this Threat

Malware Used by this Threat Actor

No malware identified for this threat actor.