3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
Hezi Rash

Hezi Rash

ID: 436ff928e2e21dbfad9cfb7ccf7ea30335832
Hacktivist Group Hacktivism
Threat types: Hacktivism, DDoS, Botnet, Propaganda, Kurdish Nationalism, Religious Messaging
Unknown AUS, FRA, DEU, IRN, IRQ, ISR, JPN, NLD, POL, TUR
Updated: 2026-04-09
Created: 2026-02-22
Progress: 89% Completeness: 88% Freshness: 90%
Operation zone: Australia, France, Germany, Iran, Iraq, Israel, Japan, Netherlands, Poland, Turkey
Aliases Limited alias preview
Black Force BlackForce He******
Showing 2 of 3 aliases in free preview.
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

Hezi Rash is an ideologically motivated Kurdish nationalist hacktivist group (established 2023 per public reporting) primarily associated with DDoS activity and public claim amplification across multiple social platforms.


Technique Technique name Tactics Evidence
T1498 Network Denial of Service TA0040
  • 2025-10-30 — Public reporting describes Hezi Rash conducting distributed denial-of-service (DDoS) attacks as its primary tactic. · ref
  • 2025-10-01 — Report documents ~350 DDoS attacks attributed to Hezi Rash in the Aug–Oct 2025 window. · ref
T1585.001 Social Media Accounts TA0042
  • 2025-10-01 — Report lists multiple public social-media accounts (Telegram, X, YouTube, TikTok, Facebook) used for presence/coordination and claims. · ref
T1583 Acquire Infrastructure TA0042
  • 2025-10-30 — INFERENCE (confidence: medium): reporting links the actor to DDoS toolkits/services (e.g., DaaS platforms and toolkits), implying access to acquired/leased infrastructure rather than purely organic capacity. · ref
Strategic Intelligence
Limited preview
Last updated: 2026-02-24T20:47:18+00:00

Hezi Rash — Kurdish nationalist hacktivist DDoS cluster

Classification: TLP:WHITE - Open Source Intelligence (OSINT)

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Saved Limited preview

Executive Analyst Brief for CISO — Hezi Rash

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Upgrade to access the full executive brief.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Saved Limited preview

Hunting Playbook — Hezi Rash


Upgrade to access the full hunting playbook.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Saved Limited preview
Last updated: 2026-02-24T20:49:45+00:00

IOC Appendix — Hezi Rash

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

More IOC context for Research. Full appendix for Analyst and Premium plans.
IOC Appendix now
Saved successfully.
OSINT Library
Saved Limited preview
Last saved: 2026-02-24T20:49:59+00:00

OSINT Library — Hezi Rash


2025-10-30 — Check Point Research — “Hezi Rash: Rising Kurdish Hacktivist Group Targets Global Sites”

Full OSINT references available for Research / Analyst.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/4
Address Verification SOCMINT
t.me/hez***** Restricted Not integrated
t.me/hez****** Restricted Not integrated
t.me/+iT************** Restricted Not integrated
t.me/Hez******* Restricted Not integrated
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
Showing 1–4 of 4 images
Logo Free Preview
Logo
Alliance with NoName057(16) Free Preview
Alliance with NoName057(16)
Hacked website Free Preview
Hacked website
Propaganda Free Preview
Propaganda