APT / THREAT GROUP

HIGHNOON

2 aliases
Last seen: Mar 17, 2026

Intelligence Profile

According to FireEye, HIGHNOON is a backdoor that may consist of multiple components. The components may include a loader, a DLL, and a rootkit. Both the loader and the DLL may be dropped together, but the rootkit may be embedded in the DLL. The HIGHNOON loader may be designed to run as a Windows service.

Threat Analysis

HIGHNOON is listed as a threat actor of known sophistication and undetermined national origin, engaged in cyber operations; its primary motivation and activity patterns are unknown.

Quick Facts

Type: APT / Threat Group
Aliases: 2

Also Known As

HIGHNOON
win.highnoon

External Intelligence

Malpedia: win.highnoon

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.