3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
Sonora Hackers Team

Sonora Hackers Team

ID: 318b4882834c4da4d479b23c1693929e75714
Hacktivist Group Data Leak Channel Hacktivism
Threat types: Hacktivism, Data Exfiltration
Mexico MEX
Updated: 2026-04-03
Created: 2026-04-03
Progress: 89% Completeness: 88% Freshness: 90%
Operation zone: Mexico
Aliases Limited alias preview
SHT Sonora Hackers So***********
Showing 2 of 3 aliases in free preview.
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

Sonora Hackers Team is an emerging Mexico-linked data-leak and access-sales project likely centered on the operator identity alz / Alz_157s / alz157. Current evidence supports Telegram-based branding, public data-exfiltration claims, and probable continuity with the broader Sociedad Privada 157 ecosystem.


Technique Technique name Tactics Evidence
T1078 Valid Accounts TA0001 TA0003 TA0004 TA0005
  • 2026-03-30 — Public reporting on related SP157 ecosystem described repeated access patterns consistent with weak-credential or account-abuse scenarios in Mexican public-sector systems. · ref
T1213 Data from Information Repositories TA0009
  • 2026-04-01 — User-provided claim described extraction and exposure of structured taxpayer data from Tuxtla Gutiérrez municipal systems and a large detention-related dataset. · ref
T1083 File and Directory Discovery TA0007
  • 2026-04-01 — Large structured-data claims imply enumeration and selection of stored record material prior to extraction. · ref
T1567 Exfiltration Over Web Service TA0010
  • 2026-04-01 — Telegram-centric contact and public leak staging are consistent with web-service-assisted exposure or negotiation workflows, though the exfiltration path is not directly validated. · ref
Strategic Intelligence
Limited preview
Last updated: 2026-04-03T19:32:31+00:00

Sonora Hackers Team — Emerging Mexico-Linked Data-Leak / Access-Sales Project Possibly Centered on a Single Operator

Classification: Unclassified / Open Source Intelligence (OSINT) + Human Intelligence (HUMINT) — TLP:WHITE

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Saved Limited preview

Executive Analyst Brief for CISO — Sonora Hackers Team


Upgrade to access the full executive brief.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Saved Limited preview

Hunting Playbook — Sonora Hackers Team


Upgrade to access the full hunting playbook.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Saved Limited preview
Last updated: 2026-04-03T19:29:59+00:00

IOC Appendix — Sonora Hackers Team


More IOC context for Research. Full appendix for Analyst and Premium plans.
IOC Appendix now
Saved successfully.
OSINT Library
Saved Limited preview
Last saved: 2026-04-03T19:30:16+00:00

OSINT Library — Sonora Hackers Team

2025-11-01 — Infobae — "El sistema educativo mexicano, en el centro de una tormenta de ciberataques y filtraciones masivas"

https://www.infobae.com/mexico/2025/11/02/el-sistema-educativo-mexicano-en-el-centro-de-una-tormenta-de-ciberataques-y-filtraciones-masivas/

Full OSINT references available for Research / Analyst.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/1
Address Verification SOCMINT
t.me/son********** Restricted Not integrated
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
Showing 1–2 of 2 images
Propaganda Free Preview
Propaganda
Avatar Free Preview
Avatar