HellCat and Morpheus Ransomware Share Identical Payloads for Attacks

The cybersecurity landscape witnessed a surge in ransomware activity during the latter half of 2024 and into early 2025, with the emergence of operations like HellCat and Morpheus.

Alongside their rise, notable groups such as FunkSec, Nitrogen, and Termite gained traction, while established actors Cl0p and LockBit introduced new versions of their ransomware, further amplifying the threat.

Among these, HellCat and Morpheus, both operating under the Ransomware-as-a-Service (RaaS) model, have caught significant attention for their increasing sophistication, targeted attacks, and operational similarities.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

HellCat’s Aggressive Expansion

Launched in mid-2024, HellCat has positioned itself as a high-profile actor within the RaaS domain.

Its leadership is reportedly comprised of prominent members from the BreachForums community, including individuals under pseudonyms such as Rey, Pryx, Grep, and IntelBroker.

The group has targeted high-value entities, focusing particularly on government organizations and ...