HOMETHREATSHawkEye Keylogger
APT / THREAT GROUP

HawkEye Keylogger

5
aliases
Last seen:Mar 17, 2026

Intelligence Profile

HawKeye is a keylogger that is distributed since 2013. Discovered by IBM X-Force, it is currently spread over phishing campaigns targeting businesses on a worldwide scale. It is designed to steal credentials from numerous applications but, in the last observed versions, new "loader capabilities" have been spotted. It is sold by its development team on dark web markets and hacking forums.

Threat Analysis

HawkEye Keylogger is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

External References

Quick Facts

TypeAPT / Threat Group
Aliases5

Also Known As

Predator PainHawkEyewin.hawkeye_keyloggerHawkEye RebornHawkEye Keylogger

External Intelligence

Malpedia: win.hawkeye_keylogger

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.