- Nighthawk is an advanced, commercially licensed C2 framework intended for red team operations.
- Proofpoint researchers observed initial use of the framework in September 2022 by a likely red team.
- We have seen no indications at this time that leaked versions of Nighthawk are being used by attributed threat actors in the wild.
- The tool has a robust list of configurable evasion techniques that are referenced as “opsec” functions throughout its code.
- Proofpoint researchers expect Nighthawk will show up in threat actor campaigns as the tool becomes more widely recognized or as threat actors search for new, more capable tools to use against targets.