Threat Actor Characterization

Ghost Algeria


ID: 6622a1e25709c2f7a760760c63b67d83
Hacktivist Group Hacktivism
Threat types: Hacktivism, Intrusion
Algeria
Updated: 2026-02-19
Created: 2026-02-19
Progress: 67% Completeness: 66% Freshness: 70%
Operation zone:
Aliases: GhostAlgeria
MITRE ATT&CK®

Ghost Algeria is an Algeria-linked hacktivist brand/marker referenced in FunkLocker/FunkSec ransomware reporting (e.g., ransom-note variants and early payload branding).


Technique | Technique name | Tactics | Evidence
T1486 | Data Encrypted for Impact | TA0040
  • 2025-01-20 — Public reporting describes early FunkLocker ransomware payloads with pro-Algeria branding tied to 'Ghost Algeria', consistent with ransomware encryption impact.
  • 2025-01-10 — Vendor reporting notes ransom-note variants in the FunkSec ecosystem that reference 'Ghost Algeria' (marker), within a ransomware impact context.
T1490 | Inhibit System Recovery | TA0040
  • 2025-10-02 — INFERENCE (confidence: medium): As a ransomware-adjacent marker, environments seeing 'Ghost Algeria' in notes/branding should expect recovery-inhibition behaviors typical of ransomware operations (e.g., shadow copy deletion / backup tampering).
T1078 | Valid Accounts | TA0001, TA0003, TA0004, TA0005
  • 2025-06-03 — INFERENCE (confidence: low): Convergence reporting frames a ransomware intrusion model where credential abuse/valid accounts are common; treat as plausible in cluster-level scenarios where 'Ghost Algeria' appears as a marker.
T1059 | Command and Scripting Interpreter | TA0002
  • 2025-10-02 — INFERENCE (confidence: low): Detection-oriented reporting implies standard ransomware operator tradecraft; command/scripting interpreter usage is a common staging surface for ransomware campaigns in this ecosystem.
T1021.001 | Remote Desktop Protocol | TA0008
  • 2025-10-02 — INFERENCE (confidence: low): Ransomware intrusion sets commonly use RDP for lateral movement; apply as a defensive hypothesis for cluster-level hunts when 'Ghost Algeria' appears as a marker.
Strategic Intelligence
Last updated: 2026-02-20T01:18:19+00:00

Ghost Algeria — Algeria-linked hacktivist brand referenced in FunkLocker/FunkSec narratives

Classification: TLP:WHITE - Open Source Intelligence (OSINT)

IOC Appendix
Last updated: 2026-02-20T01:19:44+00:00

IOC Appendix — Ghost Algeria

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

OSINT Library
Last saved: 2026-02-20T01:19:57+00:00

OSINT Library — Ghost Algeria


2025-01-10 — Check Point Research — “FunkSec – Alleged Top Ransomware Group Powered by AI”

Social Media & Communication
SOCMINT integrated: 0/0

No social links registered for this profile.
Reference Images/Associated Evidence

No images found for this threat.