APT / THREAT GROUP
HawkEye Keylogger
5
aliases
Last seen:Mar 17, 2026
Intelligence Profile
HawKeye is a keylogger that is distributed since 2013. Discovered by IBM X-Force, it is currently spread over phishing campaigns targeting businesses on a worldwide scale. It is designed to steal credentials from numerous applications but, in the last observed versions, new "loader capabilities" have been spotted. It is sold by its development team on dark web markets and hacking forums.
Threat Analysis
HawkEye Keylogger is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
External References
Quick Facts
TypeAPT / Threat Group
Aliases5
Also Known As
Predator PainHawkEyewin.hawkeye_keyloggerHawkEye RebornHawkEye Keylogger
External Intelligence
Malpedia: win.hawkeye_keyloggerResearch Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.