Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 22:42:47 UTC
Home > List all groups > List all tools > List all groups using tool STEELHOOK
 Tool: STEELHOOK
Names STEELHOOK
Category Malware
Type Info stealer, Credential stealer
Description
(BleepingComputer) The Ukrainian CERT says APT28 also uses a set of PowerShell scripts
named 'STEELHOOK' to steal data from Chrome-based web browsers, likely to extract
sensitive information like passwords, authentication cookies, and browsing history.
Information
Malpedia Last change to this tool card: 27 December 2024
Download this tool card in JSON format
All groups using tool STEELHOOK
Changed Name Country Observed
APT groups
 Sofacy, APT 28, Fancy Bear, Sednit 2004-Apr 2025
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=681051fa-e975-4c7a-a6a9-ffd65ae0bc90
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=681051fa-e975-4c7a-a6a9-ffd65ae0bc90
Page 1 of 1