A version of Hive, the cyberattack kit created by the Central Intelligence Agency (CIA), was spotted in the wild. The pirated malicious code acts as spyware, secretly exfiltrating data from victims.
The variant was nicknamed xdr33 after the Common Name field in its digital certificate, CN=xdr33.
The Hive variant – unrelated to the Hive ransomware group – was detected on October 21, 2022, by Netlab. Using fake Kaspersky certificates, the malware communicated with an internet protocol (IP) address.