3C-INT | [Cyber]Crime Characterization for Intelligence

Yemen Electronic Army

ID: 428c2b256666ec5cf86f7617b2777ffa74589

Hacktivist Group Hacktivism

Threat types: Intrusion, Data Leak, Defacement, Pro-Yemeni, Pro-Houthi

Yemen BRA, CAN, FRA, IND, MOZ, RUS, ZAF, TUN, USA, VEN

Updated: 2026-04-08

Created: 2025-10-21

Progress: 80% Completeness: 75% Freshness: 90%

Operation zone: Brazil, Canada, France, India, Mozambique, Russia, South Africa, Tunisia, United States, Venezuela

Aliases Limited alias preview

Ciberejército de Yemen	Y.C.A	Y**	Y*****
Y**	Ye**************	Ye************	Ye*****************

Showing 2 of 8 aliases in free preview.

Associated Threat Relationships

Limited preview

Related profiles 18
Related files 0

Related profiles

ID	Threat	Origin	Type	Categories
08ee9086c28b81c9f13ac2295bec8475	313 Team	Iran	co-actor	Cybercrime
5224f4ea893eacd08bd26efeb00137f4	404_yemen	Yemen	member-of	Cybercrime
371040e878ce212b14c168857605f1df	Ademo	Yemen	member-of	Cybercrime
8f27533a6eae91685fa0355542c0b3db	Cyber Islamic Resistance	Lebanon	ally-of	Hacktivist Group
b5aff3c9c5cce7b51d8cbd4b97d1db9d	HaTRk	Yemen	member-of	Cybercrime
d05e4f60c5fe7459650b519e6add6366	LOSTK!D1337	Yemen	member-of	Cybercrime
9393173c58b654e8eb762addde7ac8d6	Mr.qlq	Yemen	member-of	Cybercrime
78dd1c3c3dfc6fcbbda95d743ab0e2f732121	NoName057(16)	Russia	affiliated	Hacktivist Group
00b947646090e84f8c9587f9bdae7674	RxR HaCKEr	Yemen	member-of	Cybercrime
c06354a9888c92d5b99279b6d64cbbeb	s49_hack	Yemen	member-of	Cybercrime
05b536b9078c9eac17eb1d0cfbe05681	Sam-sanaa	Yemen	member-of	Cybercrime
daca574333debedcf45d6c12da1baa8c	seven70x	Yemen	member-of	Cybercrime
cad6ef1a91000d5c21ebede5b8f7595a	Spider_R70	Yemen	member-of	Cybercrime
0a79c38c69aff1427c4f24e07dcc6c05	t0x.ye	Yemen	member-of	Cybercrime
b01d8331f7e7d8e2e9783abf9a54109b	Toshka	Yemen	member-of	Cybercrime
9c668005061fdccfbbb0016efe0c39d7	Ye_1337	Yemen	member-of	Cybercrime
c1ed2f03e7df0a4897b11a6b234edda8	ye_hack	Yemen	member-of	Cybercrime
570496728cbcf60534a20b98cd60a6e8	zper	Yemen	member-of	Cybercrime

Related files

No related files found.

Actor Network Graph

Open Network Graph

Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.

MITRE ATT&CK®

confidence: medium

Actor Techniques page ATT&CK® Diagram

Yemen Electronic Army (YEA) — pro-Yemeni/Pro-Houthi hacktivist label often overlapping with Yemen Cyber Army; 2015 defacement of Al-Hayat and Saudi MFA data leaks used for propaganda.

Technique	Technique name	Tactics	Evidence
T1491.002	External Defacement	TA0040	2015-04 — Defacement of the Al-Hayat media website during the Yemen conflict. · ref
T1190	Exploit Public-Facing Application	TA0001	2015 — Opportunistic exploitation of public-facing web applications consistent with defacement tradecraft (assessed from 2015 operations). · ref
T1041	Exfiltration Over C2 Channel	TA0010	2015-05 — Exfiltration of Saudi MFA data later disseminated through public mirrors/WikiLeaks. · ref

Strategic Intelligence

Limited preview

Last updated: 2025-10-22T02:17:00+00:00

Preliminary Strategic Intelligence

Yemen Electronic Army (YEA) — Pro-Yemeni/Pro-Houthi Hacktivist Label

CLASSIFICATION: Unclassified / Open Source

Executive Summary

Open sources suggest that “Yemen Electronic Army” (YEA) surfaced around 2015 and is frequently conflated with or considered an alias/label variant of the Yemen Cyber Army (YCA). Operations attributed in that period include the defacement of Al-Hayat (London-based, pro-Saudi) and subsequent data theft from Saudi Arabia’s Ministry of Foreign Affairs, later publicized via WikiLeaks mirrors. Multiple analyses assessed possible Iranian linkages (infrastructure, Persian language indicators), framing the activity within Iran–Saudi proxy dynamics during the Yemen war. Public cases resurfaced in 2025 with the UK sentencing of a YCA-linked defacer. Overall capability: low–moderate (defacement/exfil via opportunistic vectors); Confidence: medium for YEA as a distinct brand, high that the operations are real under the YCA/YEA umbrella.

Pro-Yemeni/Pro-Houthi hacktivist posture; messaging targets Saudi and allied interests during the conflict. Several researchers describe Iranian support/enablement as plausible.

Full strategic intelligence is available in Analyst and Premium plans.

Executive Analyst Brief for CISO

Empty Limited preview

No content yet.

Tip: Hover the section title to learn what’s included in Analyst / Premium plans.

Saved successfully.

Hunting Playbook

Empty Limited preview

No content yet.

Tip: Hover the section title to learn what’s included in Analyst / Premium plans.

Saved successfully.

IOC Appendix

Empty Limited preview

No content yet.

Saved successfully.

OSINT Library

Empty Limited preview

No content yet.

Saved successfully.

Social Medial & Communication

SOCMINT integrated: 0/7

Address	Verification	SOCMINT
`x.com/Yem***********`	Restricted	Not integrated

Address	Verification	SOCMINT
`t.me/Yem***********`	Restricted	Not integrated
`t.me/Y_C*****`	Restricted	Not integrated
`t.me/Yem*************`	Restricted	Not integrated
`t.me/YC_************`	Restricted	Not integrated
`t.me/YCA***`	Restricted	Not integrated