

Hellcat | RaaS

HellCat is a ransomware-as-a-service group that formed in Q4 2024 and quickly became notable for high-profile attacks against Schneider Electric, Telefónica, and Israel's Knesset. It primarily gains initial access via stolen Jira credentials harvested by infostealer malware, and it targets critical infrastructure and government entities.

  • Victims: 20
  • First discovered victim: 2024-10-25
  • Last discovered victim: 2025-04-10
  • Inactive since: more than 1yr
  • Avg delay: 4.5 days
  • Infostealer: 80.0% (victims with domain)
  • Countries hit: 13

Known Locations (6)
  • 404 Not Found  ·  Available: No  ·  Last visit: 2026-04-28T07:24:04  ·  FQDN: hellcakbszllztlyqbjzwcbdhfrodx55wq77kmftp4bhnhsnn5r3odad.onion
  • HellCat - Blog  ·  Available: No  ·  Last visit: 2026-04-28T07:26:40  ·  FQDN: hellcatdcy653ma43t2ryf2ztw5yfanqsbfmapndbqvteh5itctoijyd.onion
  • HellCat - Blog  ·  Available: No  ·  Last visit: 2026-04-28T07:29:12  ·  FQDN: hellcatdnrsu4i5uctbklunpfyv2ppiioh5sb3leu4dfgizinrve3gqd.onion
  • HellCat - Blog  ·  Available: No  ·  Last visit: 2026-04-28T07:31:21  ·  FQDN: hellcatdohzngkuh7zruzhi2wojrawbnzbyzljtkw6iluv5ussfer4id.onion
  • HellCat - Blog  ·  Available: No  ·  Last visit: 2026-04-28T07:32:58  ·  FQDN: hellcatdue7rasyoi4oh6t3fhra5bpcj5t6xmrm4vjicfqdvrl24ijid.onion
  • (no title)  ·  Available: No  ·  Last visit: 2026-05-13T17:39:08  ·  FQDN: hellcatj6xgvho4qxnr2nbzzthsqel577i5wvzcpfjgavbo3d5l657id.onion

Target
Top 5 Activity Sectors
  • Technology 8
  • Education 3
  • Financial Services 2
  • Consumer Services 2
  • Public Sector 2
Top 5 Countries
  • United States 6
  • China 2
  • Poland 1
  • Sweden 1
  • Spain 1


Ransom Notes (2)

YARA Rules (1)

Indicators of Compromise (IoCs) (2)
Type IOC
Email h3llr4ns@onionmail.com
tox F97D66EB390592BA053CC7C25C16ECDBE42F3C266DD2A99CB9D1DDABE69F6A41EF5FB3D9EE7F

Victims (20)
Discovered: 2025-04-10 (1y ago)  ·  Attack est.: 2025-04-07
We have breached a U.S.-based financial services firm. 381GB of sensitive data has been secured. The…
Discovered: 2025-04-07 (1y ago)
We have breached a U.S.-based financial services firm. 381GB of sensitive data has been secured. The…
Discovered: 2025-04-07 (1y ago)
We have breached the internal systems of Guangzhou Shiyuan Electronic Technology, securing sensitive…
Discovered: 2025-04-05 (1y ago)  ·  Attack est.: 2025-03-18
Jiraware <<3 !! We hold sensitive data from HighWire Press, a leading platform serving scholarly pub…
Discovered: 2025-04-05 (1y ago)
Jiraware <<3 !! We have breached Racami’s internal systems. The data in our possession poses a serio…
Discovered: 2025-04-05 (1y ago)
Jiraware <<3 !! We have breached Asseco’s internal systems, stealing sensitive files, communications…
Discovered: 2025-04-05 (1y ago)
We have compromised the internal systems of LeoVegas AB. The data in our possession threatens their …
Discovered: 2025-03-29 (1y ago)
We hold almost 70GB of sensitive data from Transsion, a leading mobile device provider with $8.6B in…
Discovered: 2025-03-25 (1y ago)  ·  Attack est.: 2025-03-24
We hold sensitive files from Santillana, the largest business unit of Spain’s publicly traded Prisa …
Discovered: 2025-03-25 (1y ago)  ·  Attack est.: 2025-03-24
We hold sensitive files from Omnitracs, a leading provider of fleet management and logistics soluti…
Discovered: 2025-03-17 (1y ago)
We hold 19GB of sensitive files from Electronics For Imaging, Inc., including critical corporate dat…
Discovered: 2025-03-16 (1y ago)  ·  Attack est.: 2025-03-15
44GB of sensitive data including internal reports, sales documents, confidential contracts, developm…
Discovered: 2025-02-28 (1y ago)  ·  Attack est.: 2025-02-25
We have obtained over 330,000 records from OneDealer partners, including sales reports, leads, custo…
Discovered: 2024-12-26 (1y ago)
We have successfully stolen over 50 GB of data from Car Care Plan, including financial records with se…
Discovered: 2024-12-25 (1y ago)
We have successfully stolen 82 GB of data, including backups, from the e-Finance system of Blora Regen…
Discovered: 2024-12-25 (1y ago)
We have successfully breached Pinger, obtaining 111 GB of sensitive data. This includes over 9 milli…
Discovered: 2024-11-04 (1y ago)
We have released over 500,000 records from Tanzania’s College of Business Education, containing stud…
Discovered: 2024-11-04 (1y ago)
We have successfully accessed and compromised a range of sensitive documents from Jordan's Ministry …
Discovered: 2024-11-04 (1y ago)
[AI generated] Schneider Electric, based in France, is a global leader in energy management and auto…
Discovered: 2024-10-25 (1y ago)
We have successfully compromised the Knesset's secure networks and extracted 64GB of sensitive data.…