Hive0117 is a threat actor. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does Hive0117 exploit?

Specific CVE exploitation data for Hive0117 is being tracked. Check the Strobes VI threat actor profile for updates.

Hive0117

Exploited CVEs

Overview

Hive0117 is a financially motivated cybercriminal group that conducts phishing campaigns to deliver the fileless malware DarkWatchman, which is capable of keylogging and collecting system information. The group targets individuals in the energy, finance, transport, and software security sectors across Russia, Kazakhstan, Latvia, and Estonia, often imitating official Russian government communications to induce urgency. Their operations leverage emergent policies related to conscription and utilize a UID string for identification, with malware capable of querying for smartcard readers, indicating a focus on higher security targets. The malware's fileless nature and ability to erase traces of its presence suggest moderate sophistication in their TTPs.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database