3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
Cyb3r Drag0nz

Cyb3r Drag0nz

ID: 741b9c48141d50c355bd01dc51eeeb3582254
Hacktivist Group DDoS Crew Hacktivism
Threat types: Hacktivism, Intrusion, Defacement, DDoS Attack, DoS, data Leak, Pro-Hamas, Anti-Israel
Unknown ISR, MAR
Updated: 2026-04-08
Created: 2025-10-23
Progress: 94% Completeness: 96% Freshness: 90%
Operation zone: Israel, Morocco
Aliases Limited alias preview
Cyb3r Army Cyb3r Drag0nz TeaM Cy************** Cy****************
Cy*********** Cy***********
Showing 2 of 6 aliases in free preview.
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

Cyb3r Drag0nz (Cyb3r Drag0nz Team) is a hacktivist brand widely described as pro-Hamas/anti-Israel, associated with DDoS/DoS disruption, website defacement, and data leak claims. In early 2026 escalation reporting, it is described as reactivated/emerging and claiming coalition alignment with an 'Islamic Resistance Axis' operations room. Activity is claim-led and should be validated by telemetry.


Technique Technique name Tactics Evidence
T1585 Establish Accounts TA0042
  • 2026-03-03 — Public coalition signaling and claim amplification via social channels is described in escalation reporting. · ref
T1498 Network Denial of Service TA0040
  • 2023-11-01 — Vendor reporting describes DDoS activity attributed/claimed by Cyb3r Drag0nz Team against Israeli targets. · ref
T1491.002 External Defacement TA0040
  • 2026-03-01 — Defacement claims with coalition banner branding referenced in escalation reflection reporting. · ref
  • 2023-11-01 — Vendor reporting describes a history of website defacements attributed/claimed by the group. · ref
T1567.002 Exfiltration to Cloud Storage TA0010
  • 2023-11-01 — Data leak activity is described; disclosure mechanism varies and is often campaign-scoped (claims may require validation). · ref
T1595 Active Scanning TA0043
  • 2026-03-03 — INFERENCE (confidence: medium): trigger-driven targeting and validation of reachable web services is implied by described hacktivist operations model. · ref
Strategic Intelligence
Limited preview
Last updated: 2026-03-15T01:02:03+00:00

Cyb3r Drag0nz - Hacktivist group / coalition-aligned brand (disruption + defacement + data-leak claims)

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Saved Limited preview

Executive Analyst Brief for Decision Makers — Cyb3r Drag0nz

Classification: Unclassified / OSINT — TLP:WHITE

Upgrade to access the full executive brief.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Saved Limited preview

Hunting Playbook — Cyb3r Drag0nz

Goal: detect DDoS/DoS and defacement activity, quantify real impact vs claim noise, and catch opportunistic compromise attempts that may occur during disruption windows.

Upgrade to access the full hunting playbook.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Saved Limited preview
Last updated: 2026-03-05T21:35:36+00:00

IOC Appendix — Cyb3r Drag0nz

Classification: Unclassified / OSINT — TLP:WHITE

More IOC context for Research. Full appendix for Analyst and Premium plans.
IOC Appendix now
Saved successfully.
OSINT Library
Saved Limited preview
Last saved: 2026-03-05T22:00:53+00:00

OSINT Library — Cyb3r Drag0nz


2026-03-03 — Sophos (CTU) — “Hacktivist campaigns increase as United States, Iran, and Israel conflict intensifies”

Full OSINT references available for Research / Analyst.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/21
Address Verification SOCMINT
x.com/Cyb********** Restricted Not integrated
Address Verification SOCMINT
t.me/Cyb*********** Restricted Not integrated
t.me/Cyb************ Restricted Not integrated
t.me/Cyb********** Restricted Not integrated
t.me/KRD************ Restricted Not integrated
t.me/Cyb************* Restricted Not integrated
t.me/Cyb************* Restricted Not integrated
t.me/Cyb************ Restricted Not integrated
t.me/Cyb*********** Restricted Not integrated
t.me/for******** Restricted Not integrated
t.me/Cyb************* Restricted Not integrated
t.me/Cyb********** Restricted Not integrated
t.me/Cyb*************** Restricted Not integrated
t.me/Cyb********************* Restricted Not integrated
t.me/Cyb************** Restricted Not integrated
t.me/Cyb****************** Restricted Not integrated
t.me/Cyb******************* Restricted Not integrated
t.me/Cyb********** Restricted Not integrated
t.me/Cyb********** Restricted Not integrated
t.me/+no************** Restricted Not integrated
Address Verification SOCMINT
cy***********@proton.me Restricted Not integrated
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
Showing 1–5 of 5 images
Reference image Free Preview
Reference image
Hacked website Free Preview
Hacked website
Intrusion / Propaganda Free Preview
Intrusion / Propaganda
Hacked website Free Preview
Hacked website
Propaganda Free Preview
Propaganda
Showing 4 of 5 images in preview mode. Additional evidence is restricted for Analyst and Premium plans.