3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
AnonGhost Team

AnonGhost Team

ID: 334b1921135ff440ee5b4fd6e6e2ecbd37228
Hacktivist Group Collective Hacktivism
Threat types: DDoS, Defacement, Propaganda, Pro-Palestine
Unknown
Updated: 2026-03-09
Created: 2025-10-15
Progress: 65% Completeness: 63% Freshness: 70%
Operation zone:
Aliases Limited alias preview
AG AGT An******* An*************
An************ An*********** ÁÑ************
Showing 2 of 7 aliases in free preview.
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: high
Actor Techniques page ATT&CK® Diagram

AnonGhost Team is a pro-Palestinian hacktivist collective that in October 2023 abused a rocket-alert app’s API to push fake nuclear-attack notifications and distributed a malicious Android clone of the RedAlert app from a look-alike site to harvest device data.


Technique Technique name Tactics Evidence
T1190 Exploit Public-Facing Application TA0001
  • 2023-10-09 — Abuse of a Red Alert app API enabled sending fake nuclear-attack notifications to users. · ref
T1204.002 Malicious File TA0002
  • 2023-10-14 — Malicious Android APK of RedAlert distributed from a fake site (redalerts[.]me) that exfiltrated SMS, call logs, contacts, and account info. · ref
T1491 Defacement TA0040
  • 2023-10-16 — Hacktivist defacement/DDoS claims observed in broader conflict reporting tracking groups like AnonGhost. · ref
Strategic Intelligence
Limited preview
Last updated: 2025-10-24T03:06:58+00:00
ANONGHOST TEAM — Pro-Palestinian hacktivism focused on influence ops, mobile spoofing, and opportunistic disruption (2023–present)

CLASSIFICATION: Unclassified / Open Source


Executive Summary

AnonGhost Team is a pro-Palestinian hacktivist collective that surged in visibility during 2023-10 amid the Israel–Hamas war. Open reporting attributes to AnonGhost two distinct lines of activity: (1) messaging and nuisance ops (defacements/DDoS claims) amplified via Telegram, and (2) a targeted influence/collection operation abusing Israel’s rocket-alert ecosystem. In 2023-10, researchers reported AnonGhost exploited an API flaw in one Red Alert–branded app to push fake “nuclear strike” alerts to users, and distributed a malicious Android clone of the RedAlert app from a look-alike website that harvested device data and communications. These activities show intent to deceive, alarm, and collect rather than to deploy bespoke destructive malware. Overall confidence in these core facts is high based on primary technical analyses and contemporaneous reporting.


  • Industries/Sectors: Public-safety alerting (civil defense apps); Government/public communications; Media & social platforms supporting conflict narratives.
  • Geography (Region): Middle East (Israel); global information space via social channels.
  • Countries (if available): Israel (users of Red Alert/RedAlert apps).
  • Timeframe: 2023–2025 (documented ops from 2023-10-09/14; ongoing hacktivist claims in later reporting).
Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Empty Limited preview
No content yet.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Empty Limited preview
No content yet.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Empty Limited preview
No content yet.
IOC Appendix now
Saved successfully.
OSINT Library
Empty Limited preview
No content yet.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/6
Address Verification SOCMINT
twitter.com/Ano*********** Restricted Not integrated
twitter.com/ano********* Restricted Not integrated
Address Verification SOCMINT
facebook.com/ano********** Restricted Not integrated
Address Verification SOCMINT
t.me/off************** Restricted Not integrated
t.me/Ano********* Restricted Not integrated
t.me/Ano******* Restricted Not integrated
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
Showing 1–1 of 1 images
Affiliation with another group Free Preview
Affiliation with another group