CrazyHunter is a Go-based ransomware group that emerged in early 2025, derived from the open-source Prince encryptor, exclusively targeting Taiwanese organizations in healthcare, education, and industrial sectors using BYOVD techniques and tools like SharpGPOAbuse for lateral movement.
Donut, Prince Ransomware, SharpGPOAbuse, bb.exe (shellcode loader)
Victims (10)
Zuni Data
TWTechnology
Discovered: Mar 30, 2025 · Attack est.: Mar 30, 2025
Taiwan - Zuni Data
Analog Integrations Corporation
TWTechnology
Discovered: Mar 30, 2025 · Attack est.: Mar 30, 2025
Taiwan - Analog Integrations Corporation
Netronix Inc
TWTechnology
Discovered: Mar 30, 2025 · Attack est.: Mar 30, 2025
Taiwan - Netronix Inc
Johnson Fitness
USConsumer Services
Discovered: Mar 24, 2025 · Attack est.: Mar 24, 2025
Johnson Fitness
KD Panels
TWManufacturing
Discovered: Mar 16, 2025 · Attack est.: Mar 16, 2025
Surface Material Supplier — Keding - the interior surface expert, committed to excellence in every detail. Featured Products: ECO+ Laminates, ECO+ Panels, KD Panels & KD Flooring. Guaranteed Quality.
Changhua Christian Hospital
TWHealthcare
Discovered: Mar 9, 2025 · Attack est.: Mar 5, 2025
Changhua Christian Hospital
Huacheng Electric
TWManufacturing
Discovered: Mar 9, 2025 · Attack est.: Mar 5, 2025
Due to confidentiality agreement, no details can be disclosed.
Asia University Hospital
TWHealthcare
Discovered: Mar 9, 2025 · Attack est.: Mar 5, 2025
Crazyhunter hacked into Asia University-www.asia.edu.tw from 2025.1.27 to 2025.1.29
Asia University
TWEducation
Discovered: Mar 9, 2025 · Attack est.: Mar 5, 2025
Crazyhunter hacked into Asia University-www.asia.edu.tw from 2025.1.27 to 2025.1.29
Mackay Hospital
TWHealthcare
Discovered: Mar 9, 2025 · Attack est.: Feb 5, 2025