3C-INT | [Cyber]Crime Characterization for Intelligence

Federal Legion

ID: 01e914ba51296b4c3a38e1272202bbcd86076

Hacktivist Group DDoS Crew Hacktivism

Threat types: Hacktivism, Intrusion, DDoS, DoS, Pro-Russia

Russia UKR

Updated: 2026-03-14

Created: 2026-02-28

Progress: 78% Completeness: 82% Freshness: 70%

Operation zone: Ukraine

Aliases Limited alias preview

FederalLegion

—

Associated Threat Relationships

Limited preview

Related profiles 2
Related files 0

Related profiles

	ID	Threat	Origin	Type	Categories
	78dd1c3c3dfc6fcbbda95d743ab0e2f732121	NoName057(16)	Russia	related	Hacktivist Group
	ba0e9ae91ba1b9b5b915d1d4b147736311264	SKILLNET	Russia	ally-of	Hacktivist Group

Related files

No related files found.

Actor Network Graph

Open Network Graph

Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.

MITRE ATT&CK®

confidence: medium

Actor Techniques page ATT&CK® Diagram

Federal Legion is referenced in OSINT as a pro-Russian hacktivist group participating in coalition-driven DDoS/disruption activity, frequently appearing in allied-group lists associated with NoName057(16) and related pro-Russian hacktivist coalitions.

Technique	Technique name	Tactics	Evidence
T1498	Network Denial of Service	TA0040	2024-02-08 — INFERENCE (confidence: medium): Alliance reporting positions Federal Legion within a DDoS-heavy coalition; DoS/DDoS is assessed as the dominant scenario. · ref 2024-09-26 — INFERENCE (confidence: medium): Vendor reporting describes alliances (including Federal Legion) in hacktivist campaigns emphasizing disruptive activity. · ref
T1585	Establish Accounts	TA0042	2024-01-01 — INFERENCE (confidence: low–medium): A Telegram channel labeled @FederalLegion exists and may function as comms; ownership attribution requires validation. · ref
T1595	Active Scanning	TA0043	2024-01-20 — INFERENCE (confidence: medium): Target-list/campaign framing implies basic endpoint validation prior to waves. · ref
T1583	Acquire Infrastructure	TA0042	2025-07-16 — INFERENCE (confidence: medium): Coalition DDoS activity typically relies on acquired/leased infra and proxy/relay capacity; law enforcement action against NoName057(16) indicates material infrastructure underpinning campaigns. · ref

Strategic Intelligence

Limited preview

Last updated: 2026-03-03T15:26:30+00:00

Preliminary Strategic Intelligence

Federal Legion - Hacktivism / Disruption (DDoS-focused; coalition-aligned)

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Full strategic intelligence is available in Analyst and Premium plans.

Executive Analyst Brief for CISO

Saved Limited preview

Executive Analyst Brief for Decision Makers — Federal Legion

Classification: Unclassified / OSINT — TLP:WHITE

Upgrade to access the full executive brief.

Tip: Hover the section title to learn what’s included in Analyst / Premium plans.

Saved successfully.

Hunting Playbook

Saved Limited preview

Hunting Playbook — Federal Legion (Coalition-aligned DDoS/Disruption)

Upgrade to access the full hunting playbook.

Tip: Hover the section title to learn what’s included in Analyst / Premium plans.

Saved successfully.

IOC Appendix

Saved Limited preview

Last updated: 2026-03-03T15:27:55+00:00

IOC Appendix — Federal Legion

Classification: Unclassified / OSINT — TLP:WHITE

More IOC context for Research. Full appendix for Analyst and Premium plans.

Saved successfully.

OSINT Library

Saved Limited preview

Last saved: 2026-03-03T15:28:18+00:00

OSINT Library — Federal Legion

2024-01-28 — The Guardian (live blog) — “Pro-Russia hacking group announces plans to target Ukrainian government (lists Federal Legion among allies)”

Full OSINT references available for Research / Analyst.

Saved successfully.

Social Medial & Communication

SOCMINT integrated: 0/10

Telegram 10 0

Address	Verification	SOCMINT
`t.me/Fed**********`	Restricted	Not integrated
`t.me/Fed***********************`	Restricted	Not integrated
`t.me/Fed***********`	Restricted	Not integrated
`t.me/+Et**************`	Restricted	Not integrated
`t.me/Pep*********`	Restricted	Not integrated
`t.me/Fed*********`	Restricted	Not integrated
`t.me/+sh**************`	Restricted	Not integrated
`t.me/+Z-**************`	Restricted	Not integrated
`t.me/+01**************`	Restricted	Not integrated
`t.me/Fed***************`	Restricted	Not integrated

Notes: preview mode hides sensitive social/contact details.

Reference Images/Associated Evidence Limited

No images found for this threat.

Threat Actor Characterization

Federal Legion

Associated Threat Relationships

Related profiles

Related files

Actor Network Graph

MITRE ATT&CK®

Strategic Intelligence

Federal Legion - Hacktivism / Disruption (DDoS-focused; coalition-aligned)

Executive Analyst Brief for CISO

Executive Analyst Brief for Decision Makers — Federal Legion

Hunting Playbook

Hunting Playbook — Federal Legion (Coalition-aligned DDoS/Disruption)

IOC Appendix

IOC Appendix — Federal Legion

OSINT Library

OSINT Library — Federal Legion

Social Medial & Communication

Reference Images/Associated Evidence Limited