
Threat Actor Characterization

Keymous Team


ID: 5bdc43b396660424f321fa796614a9f726437
Hacktivist Group, DDoS Crew, Hacktivism
Threat types: Hacktivism, Intrusion, DDoS Attack
Algeria BHR, EGY, IRQ, JOR, KEN, KWT, LBN, MAR, NER, OMN, QAT, RWA, ZAF, SSD, SYR, TUN, ARE
Updated: 2026-04-08
Created: 2025-10-23
Progress: 94% Completeness: 96% Freshness: 90%
Operation zone: Bahrain, Egypt, Iraq, Jordan, Kenya, Kuwait, Lebanon, Morocco, Niger, Oman, Qatar, Rwanda, South Africa, South Sudan, Syria, Tunisia, United Arab Emirates
Aliases: Keymous, Keymous Plus (2 of 6 aliases shown in free preview)
MITRE ATT&CK®

Hacktivist/hybrid DDoS-focused collective assessed to originate in North Africa (primarily Algeria) and active since late 2023; notable for high-visibility DDoS claims, alliance signaling, and suspected linkage to DDoS-for-hire (EliteStress).


Technique | Technique name | Tactics | Evidence

T1498 | Network Denial of Service | TA0040
  • 2025-10-01 — Telemetry-backed profile documents confirmed DDoS events and enumerates reflection/amplification vectors used in 2025.
  • 2026-02-19 — OSINT dossier describes primary strategy as high-volume DDoS, often using DDoS-for-hire services like EliteStress.

T1583 | Acquire Infrastructure | TA0042
  • 2026-02-19 — OSINT dossier notes use of commercially available DDoS-for-hire platforms and alliance-based scaling.
  • 2025-07-02 — Vendor analysis raises possibility of DDoS-as-a-Service branding/affiliation, suggesting infrastructure acquisition/operation beyond purely ideological motives.

T1071 | Application Layer Protocol | TA0011
  • 2025-07-02 — Reporting highlights coordination/claim dissemination on Telegram and X, indicating reliance on common application-layer platforms for operational comms.
  • 2026-02-19 — OSINT dossier emphasizes Telegram usage for recruitment and cohesion through social proof and rapid narrative shaping.

T1588 | Obtain Capabilities | TA0042
  • 2025-10-01 — Telemetry reporting includes multiple DDoS vectors consistent with commodity capabilities that can be obtained via services or botnet rentals.
  • 2026-02-19 — OSINT dossier indicates use of EliteStress and other commercially available platforms (capability acquisition).

T1650 | Acquire Access | TA0042
  • 2025-10-01 — Telemetry notes use of large source pools (including compromised devices) as DDoS sources (interpreted as access to distributed sources).

Strategic Intelligence
Last updated: 2026-04-07T14:54:48+00:00

Keymous Team (Keymous+, KMP Group, KEYMOUSE+)

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Category: Hacktivism / Hybrid DDoS Operations (with suspected DDoS-as-a-Service monetization)

Author: iQBlack CTI Team



Executive Summary

Keymous+ (also referenced as KMP Group / Keymous Plus / KEYMOUSE+) is a high-visibility hacktivist-aligned collective that emerged in late 2023, with early public activity linked to DDoS claims against a Moroccan e‑Visa portal (November 2023).

Across 2024–2025, the group scaled into a sustained, opportunistic disruption campaign spanning Europe, North Africa, the Middle East, and parts of Asia, primarily via high-volume DDoS operations and public ‘claim’ messaging on Telegram/X.

Multiple vendors assess the actor as ‘hybrid’—mixing political narratives (e.g., pan‑Arab solidarity / ‘Hack for Humanity’) with signs of commercialization, including promotion or close affiliation with a stressor / DDoS‑for‑hire service branded as EliteStress.

Executive Analyst Brief for CISO

Executive Analyst Brief for Decision Makers — Keymous Team

Classification: Unclassified / OSINT — TLP:WHITE

Hunting Playbook

Hunting Playbook — Keymous Team (Keymous+ / KMP)


IOC Appendix
Last updated: 2026-02-20T02:10:13+00:00

IOC Appendix — Keymous Team

Classification: Unclassified / OSINT — TLP:WHITE

OSINT Library
Last saved: 2026-02-20T02:11:09+00:00

OSINT Library — Keymous Team


2025-10-01 — NETSCOUT ASERT — "Keymous+ Threat Actor Profile"

Social Media & Communication
SOCMINT integrated: 0/13

Address Verification SOCMINT
telegram.eliteservices.st Restricted Not integrated
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence

  • Alliance with Sons Of Anarchy
  • Alliance with Tunisian Maskers Cyber Force
  • Alliance with Wolves of Turan
  • Alliance with QuietSec
  • Alliance with Hackhax
  • Affiliation with another group (5 images)