https://www.kelacyber.com/blog/hellcat-h...-and-pryx/
Who is Rey/Hikki-Chan?
Rey, previously known as “Hikki-Chan”, surfaced on BreachForums in early 2024, quickly attracting attention with data leaks and claims of high-profile breaches. However, many of his supposed exclusive leaks, such as VK and Kavim, were later exposed as repackaged older breaches, undermining his credibility. Despite this, he rebranded as “Rey” in late 2024 and remained active in cybercrime, becoming the administrator of the Hellcat group. His operations frequently involved exploiting Jira credentials to gain access to sensitive data in multiple companies, including recently claimed attacks on Jaguar and Ascom. While he also joined the XSS forum in November 2024, his presence there was minimal.
KELA's data lake revealed that Rey was infected by an infostealer on two separate occasions, in February (Redline stealer) and March 2024 (Vidar stealer), when he used the Hikki-Chan moniker. One of the infected bots was likely operating on a shared computer used by a family member. The bot was traced back to a young individual named “Saif” (full name redacted by KELA in this blog) from Amman, Jordan, possibly uncovering Rey’s identity and origins.