3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
XakNet Team

XakNet Team

ID: 851fdc290bdddd300a25d108bd83b22198602
Hacktivist Group Hacktivism
Threat types: Hacktivism.Intrusion, DDoS
Russia UKR, USA
Updated: 2026-04-07
Created: 2025-10-18
Progress: 80% Completeness: 75% Freshness: 90%
Operation zone: Ukraine, United States
Aliases Limited alias preview
XakNet XakNet_Team Xa******** X*****
Showing 2 of 4 aliases in free preview.
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: high
Actor Techniques page ATT&CK® Diagram

XakNet Team is a pro-Russia hacktivist collective active since March 2022 that conducts hack-and-leak operations and propaganda-driven DDoS claims against Ukraine and pro-Ukraine entities; government and vendor reporting record a late-March-2022 email leak from a Ukrainian official and assess coordination with GRU in selected cases.


Technique Technique name Tactics Evidence
T1078 Valid Accounts TA0001 TA0003 TA0004 TA0005
  • 2022-05-09 — Advisory notes a late-March-2022 XakNet leak of a Ukrainian official’s emails, implying mailbox access via valid/stolen credentials. · ref
T1190 Exploit Public-Facing Application TA0001
  • 2022-07-14 — Canadian CYBER centre bulletin describes XakNet claims of breaching the Ukrainian MFA and releasing exfiltrated documents via social media. · ref
T1565.002 Transmitted Data Manipulation TA0040
  • 2022-07-14 — Hack-and-leak releases via social media/file-sharing channels to drive narratives. · ref
T1498 Network Denial of Service TA0040
  • 2024-05-01 — CISA/FBI fact sheet documents pro-Russia hacktivists conducting DDoS and related activity for effect and online amplification. · ref
Strategic Intelligence
Limited preview
Last updated: 2025-10-24T00:38:46+00:00
XAKNET TEAM — Pro-Russia hack-and-leak/DDoS collective aligned with wartime information operations (2022–present)

CLASSIFICATION: Unclassified / Open Source


Executive Summary

XakNet Team is a pro-Russia hacktivist collective that surfaced in 2022-03 during the full-scale invasion of Ukraine, conducting hack-and-leak operations and propaganda-heavy DDoS claims against Ukrainian government entities and countries supporting Ukraine. A U.S.-led joint advisory on 2022-05-09 recorded that, in late March 2022, XakNet leaked the email contents of a Ukrainian government official accompanied by a political statement, indicating a hack-and-leak/IO nexus. Independent government and vendor reporting subsequently assessed coordination/affiliation with Russian state interests: Mandiant (2022-09-23) identified evidence connecting XakNet administrators to the GRU through timing and provenance of Ukrainian intrusions and leaks. Overall confidence in these core facts is high based on official advisories and primary vendor analysis.


  • Industries/Sectors: Government ministries and agencies; political/foreign affairs; (secondarily) public-facing services and media properties tied to Ukraine or pro-Ukraine coalitions.
  • Geography (Region): Primarily Ukraine, with spillover targeting of supporting states (NATO/EU members) through opportunistic DDoS/IO.
  • Countries (if available): Ukraine (MFA, senior officials); broader “pro-Ukraine” countries (various claims).
  • Timeframe: 2022–2025 (first public activity March–May 2022; continued mentions in government/vendor reporting through 2024–2025).
Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Empty Limited preview
No content yet.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Empty Limited preview
No content yet.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Empty Limited preview
No content yet.
IOC Appendix now
Saved successfully.
OSINT Library
Empty Limited preview
No content yet.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/14
Address Verification SOCMINT
t.me/xak******** Restricted Not integrated
t.me/Xak******** Restricted Not integrated
t.me/xnt******* Restricted Not integrated
t.me/xnt***** Restricted Not integrated
t.me/xak******* Restricted Not integrated
t.me/Xak******** Restricted Not integrated
t.me/xak******** Restricted Not integrated
t.me/mem************ Restricted Not integrated
t.me/Xak*********** Restricted Not integrated
t.me/Xak************** Restricted Not integrated
t.me/Xak************** Restricted Not integrated
Address Verification SOCMINT
in**@xaknet.team Restricted Not integrated
[email protected] Restricted Not integrated
Address Verification SOCMINT
xaknet.team Restricted Not integrated
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
Showing 1–4 of 4 images
Hacked website evidence Free Preview
Hacked website evidence
Propaganda Free Preview
Propaganda
Propaganda Free Preview
Propaganda
Affiliation with another group Free Preview
Affiliation with another group