Threat Actor Characterization

Cyber His-Eyes

ID: 23393f8765dadd2073b1fa03f4d1ca6628920
Hacktivist Group Collective Hacktivism
Threat types: Hacktivism, Intrusion, Data Leak
Iran ISR
Updated: 2026-04-12
Created: 2026-04-08
Progress: 94% Completeness: 92% Freshness: 100%
Operation zone: Israel
Aliases (2 of 5 shown in free preview):
Cyber His-Eyes Team His Eyes
MITRE ATT&CK®

Cyber His-Eyes is a small Telegram-centered affiliate brand aligned with Cyber Islamic Resistance and closely co-branded with Cyber Fattah in pro-Iran / anti-Israel claim activity. Available evidence supports strong coalition affiliation but does not yet support a high-confidence assessment of Cyber His-Eyes as a mature autonomous intrusion team.


Technique | Technique name | Tactics | Evidence
T1585.001 | Social Media Accounts | TA0042
  • 2026-04-09 — Public Telegram invite pages show Cyber His-Eyes maintaining a branded social-media presence and contact surface.
  • 2026-02-10 — Cyber Islamic Resistance publicly promoted the Cyber His-Eyes Telegram channel, reinforcing its role as a persistent public-facing affiliate brand.
T1583 | Acquire Infrastructure | TA0042
  • 2026-04-09 — INFERENCE (confidence: medium): Multiple invite links and continuity of the channel suggest routine use and maintenance of low-cost public communications infrastructure.
T1593 | Search Open Websites/Domains | TA0043
  • 2026-03-24 — INFERENCE (confidence: medium): Public claims against symbolic Israeli institutions imply open-source target selection and exposure assessment prior to action or claim packaging.
T1213 | Data from Information Repositories | TA0009
  • 2026-01-01 — Public claim content described a 40GB database/document set allegedly obtained from Hebrew International University, which aligns most closely with data theft from an information repository if true.
  • 2026-01-25 — Follow-on reposting again tied Cyber His-Eyes to the same Hebrew International University dataset claim in partnership with Cyber Fattah.
T1499 | Endpoint Denial of Service | TA0040
  • 2026-03-26 — INFERENCE (confidence: medium): Cyber Islamic Resistance is publicly reported as coordinating DDoS and disruptive operations in the wider ecosystem, making nuisance-disruption behavior plausible for affiliated brands like Cyber His-Eyes even without direct proof.
T1491.001 | Internal Defacement | TA0040
  • 2026-03-06 — INFERENCE (confidence: medium): The broader ecosystem repeatedly uses public claim and symbolic impact tactics, making defacement-style effects plausible in Cyber His-Eyes-aligned campaigns though actor-specific technical validation remains limited.
Strategic Intelligence
Last updated: 2026-04-12T15:10:35+00:00

Cyber His-Eyes

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Category: Cyber / Hybrid Hacktivist-Extremist Affiliate Node — Origin: Iran-linked / wider resistance-axis ecosystem (assessed)

Author: iQBlack CTI Team


Executive Summary

Cyber His-Eyes is best modeled at present as a small but operationally themed affiliate brand embedded in the wider Cyber Islamic Resistance (CIR) and Cyber Fattah environment, rather than as a fully independent cyber organization with clearly documented standalone tradecraft. Public evidence shows that the brand is directly forwarded and promoted by CIR, publicly linked through Telegram invite URLs, and co-mentioned with Cyber Fattah in claims framed as the work of the “Iranian Islamic Cyber Resistance Units.”


The strongest current evidence does not support treating Cyber His-Eyes as a mature actor on par with large state-backed intrusion programs. Instead, it points to a coalition-support role inside a pro-Iran / anti-Israel wartime digital ecosystem that blends propaganda, breach marketing, symbolic attack claims, coalition signaling, and public-facing recruitment or contact surfaces. OSINT [B2]

IOC Appendix
Last updated: 2026-04-12T15:12:54+00:00

OSINT Library
Last saved: 2026-04-12T15:13:07+00:00

OSINT Library — Cyber His-Eyes


2026-04-09 — Telegram — “Cyber His-eyes”

Social Media & Communication
SOCMINT integrated: 0/3

Address | Verification | SOCMINT
t.me/+79************** | Restricted | Not integrated
t.me/+Ke************** | Restricted | Not integrated
hi********@proton.me | Restricted | Not integrated
Notes: preview mode hides sensitive social/contact details.