APT / THREAT GROUP
HexagonalRodent
Aliases: 1
Last seen: May 2, 2026
Intelligence Profile
HexagonalRodent targets Web3 developers to steal crypto assets, employing social engineering tactics such as fake job offers. They utilize malware like BeaverTail and OtterCookie, both NodeJS-based toolkits, and InvisibleFerret, a Python-based RAT, to execute their attacks. Their TTPs include backdooring skills assessments via VSCode's tasks.json feature and conducting opportunistic exfiltration of credentials and crypto wallets. The group has also engaged in a supply chain attack, compromising the 'fast-draft' VSX extension to install malware.
Threat Analysis
HexagonalRodent is a threat actor of known sophistication and undetermined national origin, engaged in cyber operations; its primary motivation is listed as unknown.
Intelligence Reports Mentioning HexagonalRodent
North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels
The Hacker News · Jun 15, 2026
Quick Facts
Type: APT / Threat Group
Aliases: 1
Source: Malpedia
Also Known As
HexagonalRodent
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.