Hellcat

Ransomware Group Profile

Overview

HellCat is a ransomware-as-a-service group that formed in Q4 2024 and quickly became notable for high-profile attacks against Schneider Electric, Telefónica, and Israel's Knesset, primarily gaining initial access via stolen Jira credentials harvested by infostealer malware, targeting critical infrastructure and government entities.

Dark Web Infrastructure (9)
hellcakbszllztlyqbjzwcbdhfrodx55wq77kmftp4bhnhsnn5r3odad.onion
r7i4vprxr2vznmhnnxj36264ofwx6extopdz535f5v357nqacifymbad.onion
hellcat.rw
hcatxn4ppkgmakaatrq6bsbhqk5ouhviygyx57gljjt5iseul5nvpayd.onion
hellcatdcy653ma43t2ryf2ztw5yfanqsbfmapndbqvteh5itctoijyd.onion
hellcatj6xgvho4qxnr2nbzzthsqel577i5wvzcpfjgavbo3d5l657id.onion
hellcatdohzngkuh7zruzhi2wojrawbnzbyzljtkw6iluv5ussfer4id.onion
hellcatdnrsu4i5uctbklunpfyv2ppiioh5sb3leu4dfgizinrve3gqd.onion
hellcatdue7rasyoi4oh6t3fhra5bpcj5t6xmrm4vjicfqdvrl24ijid.onion
Activity Timeline
First Seen2024
Last Seen2026
Leak Sites9
Quick Actions
View All GroupsThreat Actors
Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives
PoC for every finding
30+ tools orchestrated
Book a DemoLearn More
Setup in 5 minutesSOC 2 & ISO 27001