HIWIRE
Hunt this family in your stack
Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.
Techniques & procedures
2 distinct techniques documented for this family, organized by ATT&CK tactic.
Reconnaissance
2 techniquesIn February 2024, R3D reported that the Cyberspace Operations Center under the Secretariat of National Defense had used HIWIRE monitoring software from Israeli firm WebintPro to identify links between social media users critical of the Mexican Armed Forces or the government as recently as May 2022.
In June 2025, the US Department of State instructed all applicants for F, M, and J nonimmigrant visas to set privacy settings on their social media profiles to public –– facilitating monitoring of the social media activity of a broad range of foreign nationals seeking to enter the US.
Recent activity
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Monitoring software used to identify links between social media users critical of the Mexican Armed Forces or government.
Monitoring software used to identify links between social media users critical of the Mexican Armed Forces or government.
The version that knows your environment.
Match every observed IP, domain, and hash against your live telemetry.
Named campaigns wielding this family, with evidence pinned to each claim.
CVEs this family uses for access and lateral movement.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Every documented technique, ranked by evidence weight.
Reddit, Mastodon, and CTI community discussion around this family.