3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
Team 1916

Team 1916

ID: 171ed8bebe36973a9980d10e08b6ff5023735
Hacktivist Group Hacktivism
Threat types: Hacktivism, Intrusion, DDoS Attack
Afghanistan
Updated: 2026-02-21
Created: 2026-02-20
Progress: 67% Completeness: 66% Freshness: 70%
Operation zone:
Aliases Limited alias preview
Team1916
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

Team 1916 is a hacktivist brand referenced in OSINT within pro‑Palestinian collaboration ecosystems and linked to disruption activity (DDoS) and Telegram-amplified claim/advertisement behavior (including reported data-sale promotion). Evidence supports a disruption-first posture; deep intrusion or data theft claims should be treated as unproven without telemetry. Techniques beyond DDoS and propaganda are marked as INFERENCE where not directly evidenced.


Technique Technique name Tactics Evidence
T1498 Network Denial of Service TA0040
  • 2024-05-16 — Reporting describes TEAM1916 conducting a DDoS attack against Dubai’s official website (campaign/disruption behavior). · ref
  • 2025-03-24 — Reporting reiterates the Afghani 'Team 1916' DDoS on Dubai official website in the context of regional cyber risk. · ref
T1585.001 Social Media Accounts TA0042
  • 2024-04-17 — Reporting indicates Team 1916 advertised a sensitive database for sale on its Telegram channel (claim/advertisement behavior). · ref
  • 2024-01-22 — Actor listed among collaborating groups in a pro-Palestinian hacktivist ecosystem report; consistent with coordination/amplification role of social platforms. · ref
T1595 Active Scanning TA0043
  • 2024-05-16 — INFERENCE (confidence: medium): DDoS targeting implies identification and validation of exposed public endpoints prior to attack waves. · ref
Strategic Intelligence
Limited preview
Last updated: 2026-02-22T02:46:25+00:00

Team 1916 — Pro‑Palestinian‑Aligned Hacktivist Brand (DDoS + Claims Ecosystem)

Classification: TLP: WHITE — Open Source Intelligence (OSINT)

Category: Cyber / Hacktivism — Disruption (DDoS) + Influence/claims

Assessed home base: Unclear; some reporting describes Afghanistan-linked identity claims (treat as unverified)


Executive Summary

Team 1916 is assessed as a hacktivist brand that appears in pro‑Palestinian hacktivist collaboration ecosystems and is referenced in open reporting for disruption activity and public claim amplification. The strongest recurring operational posture described in sources is DDoS disruption against high‑visibility targets, paired with Telegram‑style messaging and opportunistic participation in coalition dynamics.

Open reporting describes a DDoS operation attributed to TEAM1916 against a Dubai government website in May 2024. Separate reporting indicates Team 1916 advertised a sensitive database for sale on Telegram in April 2024 (advertisement behavior), which suggests the brand also participates in a claims marketplace and influence ecosystem.

Confidence is medium–high that Team 1916 is a real brand used within hacktivist claim ecosystems and referenced by multiple independent sources. Confidence is medium that the brand is consistently operationally active over time; some ecosystem reporting suggests the group may have periods of inactivity or churn. Confidence is low–medium for deep intrusion capability beyond disruption and advertising claims, because technical artifacts and victim‑side validation are not consistently available in open sources.

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Saved Limited preview

Executive Analyst Brief for Decision Makers — Team 1916


Upgrade to access the full executive brief.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Saved Limited preview

Hunting Playbook — Team 1916 (DDoS + Claims Ecosystem)


Upgrade to access the full hunting playbook.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Saved Limited preview
Last updated: 2026-02-22T02:47:34+00:00

IOC Appendix (TLP:WHITE) — Team 1916


More IOC context for Research. Full appendix for Analyst and Premium plans.
IOC Appendix now
Saved successfully.
OSINT Library
Saved Limited preview
Last saved: 2026-02-22T02:47:48+00:00

OSINT Library — Team 1916


2024-05-16 — Cyfirma — “Cyber Attacks on Egypt, UAE, and Saudi Arabia (mentions TEAM1916 DDoS on Dubai official site)”

Full OSINT references available for Research / Analyst.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/0
No social links registered for this profile.
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
No images found for this threat.