Jacob Santos

Threat Hunter, Researcher and Builder

Sr. Threat Researcher | Trend AI
CrazyHunter Campaign Targets Taiwanese Critical Sectors
Trend AI Research Blog Apr 2025

Ransomware, Taiwan, BYOVD

CrazyHunter is a ransomware campaign specifically targeting critical sectors in Taiwan: healthcare institutions and educational organizations. What makes this group notable is its heavy reliance on open-source offensive tools, with approximately 80% of its toolset being publicly available. The group employs BYOVD (Bring Your Own Vulnerable Driver) attacks to disable security products, uses Prince ransomware as its encryption payload, and leverages tools like SharpGPOAbuse for lateral movement via Group Policy. This article details the full attack chain, analyzes the victimology, and provides sector-specific mitigation guidance.