3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
V For Vendetta Cyber Team

V For Vendetta Cyber Team

ID: 73c8b02d2786934ce41c756164d6863d66403
Hacktivist Group Collective Data Leak Channel Hacktivism
Threat types: Intrusion, Defacement, Malware, Ransomware, Extortion
Indonesia ECU, DEU, IND, IDN, ISR, MYS
Updated: 2026-04-12
Created: 2025-10-23
Progress: 90% Completeness: 85% Freshness: 100%
Operation zone: Ecuador, Germany, India, Indonesia, Israel, Malaysia
Aliases Limited alias preview
Project_Vendetta VENDETTA CYBER TEAM VF***** V****
VF********
Showing 2 of 5 aliases in free preview.
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

V For Vendetta Cyber Team (VFVCT) is an Anonymous-themed hacktivist / hybrid actor that conducts web application compromises, defacements, and database leaks against government and organizational websites, with campaigns framed around political and social causes (e.g., environmental protests in Indonesia, pro-Palestinian messaging). Recent OSINT also lists VFVCT as an emerging ransomware group, suggesting possible overlap between hacktivism and profit-motivated extortion, though detailed crypto-ransomware TTPs are not yet publicly documented.


Technique Technique name Tactics Evidence
T1190 Exploit Public-Facing Application TA0001
  • 2025-06-08 — Daily Dark Web reports that 'V FOR VENDETTA CYBER TEAM' breached the public-facing JDIH (Legal Documentation and Information Network) portal of the North Sulawesi Provincial Government (jdih.sulutprov.go.id), compromising the site and accessing its backend database as a protest against environmental plans in Raja Ampat. This implies exploitation of a vulnerable web application exposed to the internet. · ref
  • 2025-09-26 — A defacement page stored under an admin-panel path on srichaitanyatechnoscoolramapuram.net (an Indian educational site) titled 'PUBLIC MESSAGE — V For Vendetta Cyber Team' indicates compromise of the site's administrative web interface and replacement of assets, consistent with exploitation of a public-facing web application. · ref
T1491.002 External Defacement TA0040
  • 2025-09-26 — The 'Hacked By DZVY - NUMB_404 - V FOR VENDETTA CYBER TEAM' page on gateacadmeyeg.com shows a fully replaced course page with VFVCT branding and 'FREE PALESTINE, PALESTINE MUST BE FREE' slogans, demonstrating use of website defacement to deliver ideological messaging. · ref
  • 2025-09-26 — A defacement HTML file on srichaitanyatechnoscoolramapuram.net labelled 'V FOR VENDETTA CYBER TEAM WAS HERE' includes a manifesto-style 'PUBLIC MESSAGE' and theatrical breach log text, clearly replacing normal site content with political propaganda and group branding. · ref
T1213 Data from Information Repositories TA0009
  • 2025-06-08 — Reporting on the JDIH North Sulawesi breach states that VFVCT leaked a 4 MB database file containing multiple tables, including admin user credentials, access logs, agendas, legal drafts, circular letters, media galleries, and user data. This indicates that after compromising the JDIH web application, they accessed and exfiltrated data from the underlying information repository. · ref
T1585.001 Social Media Accounts TA0042
  • 2025-10-08 — Analytics for the Telegram channel 'V FOR VENDETTA CYBER TEAM backup' (vfcteam) show it being used to publish alliance lists, special thanks, and hacktivist slogans such as 'REMEMBER, REMEMBER FIFTH NOVEMBER' alongside VFVCT hashtags, indicating deliberate use of branded social media accounts for outreach and coordination. · ref
  • 2025-10-09 — The 'Team Azrael–Angel Of Death' Telegram channel urges followers to 'Follow Our Brother' via a link to 'NewVforvendetta', explicitly describing it as a backup channel from V FOR VENDETTA CYBER TEAM, further confirming VFVCT-operated or endorsed social-media accounts. · ref
T1585.003 Cloud Accounts TA0042
  • 2025-03-27 — The 'V FOR VENDETTA CYBER TEAM' Blogspot site (vfvct.blogspot.com) hosts a long-form manifesto ('Digital Revolutionaries') with Anonymous-style rhetoric, slogans like 'WE ARE THE STORM', and statements about targeting corrupt systems worldwide, illustrating use of a branded website to project messaging and support operations. · ref
T1587.001 Malware TA0042
  • 2025-10-20 — INFERENCE (confidence: low–medium): An October 2025 ASEC threat report lists VFVCT (V For Vendetta Cyber Team) among 'new ransomware groups' alongside Kyber, Nasir Security, Kryptos and Tengu. While no detailed samples are provided, classification as a ransomware group implies VFVCT or its operators have developed or adopted malware for ransomware operations. · ref
T1486 Data Encrypted for Impact TA0040
  • 2025-10-20 — INFERENCE (confidence: low–medium): The ASEC 'Ransom & Dark Web Issues Week 3, October 2025' post explicitly describes VFVCT as a 'new ransomware group', grouping it with other ransomware brands. Although specific encryption behavior is not publicly documented, this categorization suggests VFVCT is (or is being re-used as) a label for operations that encrypt victim data for impact and extortion. · ref
Strategic Intelligence
Limited preview
Last updated: 2026-01-21T00:48:49+00:00

V For Vendetta Cyber Team (VFVCT)

Classification: TLP:WHITE — Hacktivist / Multi-cause

Status: Active (at least 2025–present)

Author: iQBlack Team



Executive Summary

V For Vendetta Cyber Team (VFVCT), also branded as VFVCT Team or Vendetta Cyber Team, is an emerging, Anonymous-styled hacktivist collective claiming operations against government and organizational websites worldwide. Publicly observed activity as of 2025 is dominated by website defacements and database breaches with data leaks, framed as protests against corruption, environmental harm and geopolitical causes such as “Free Palestine”.


A notable 2025 incident includes the breach of the North Sulawesi Provincial Government (Indonesia) legal documentation portal (jdih.sulutprov.go.id), where VFVCT allegedly exfiltrated and leaked a database (~4MB) containing admin credentials and government records, citing environmental plans in Raja Ampat as motivation. Public defacement pages and a dedicated blog present VFVCT as “digital revolutionaries” and a “resistance” against perceived injustice, explicitly aligned with the V for Vendetta / Anonymous visual and narrative style.

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Saved Limited preview

Executive Analyst Brief for CISO — V For Vendetta Cyber Team (VFVCT)

Actor type: Hacktivist collective (Anonymous-style, multi-cause)

Upgrade to access the full executive brief.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Empty Limited preview
No content yet.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Empty Limited preview
No content yet.
IOC Appendix now
Saved successfully.
OSINT Library
Empty Limited preview
No content yet.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/11
Address Verification SOCMINT
t.me/+tK************** Restricted Not integrated
t.me/+jI************** Restricted Not integrated
t.me/+fy************** Restricted Not integrated
t.me/DbS**************** Restricted Not integrated
t.me/New************ Restricted Not integrated
t.me/+y9************** Restricted Not integrated
t.me/VFC**** Restricted Not integrated
Address Verification SOCMINT
vf***@proton.me Restricted Not integrated
vf********@proton.me Restricted Not integrated
Address Verification SOCMINT
vfvct5nov.netlify.app Restricted Not integrated
Address Verification SOCMINT
vfvct.github.io/VFV** Restricted Not integrated
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
Showing 1–6 of 6 images
Alliance with UNIT 2012022023 Free Preview
Alliance with UNIT 2012022023
Defaced website Free Preview
Defaced website
Alliance with Nation Of Saviors Free Preview
Alliance with Nation Of Saviors
Defaced website Free Preview
Defaced website
Alliance with NoName057(16) Free Preview
Alliance with NoName057(16)
Actor website evidence Free Preview
Actor website evidence
Showing 4 of 6 images in preview mode. Additional evidence is restricted for Analyst and Premium plans.