3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
QuietSec

QuietSec

ID: add05055fdb508b8a57823b9b39d899e97176
Hacktivist Group Hacktivism
Threat types: Hacktivism, Intrusion, Propaganda, Data Leak
Russia DNK, FRA, UKR
Updated: 2026-04-06
Created: 2026-02-22
Progress: 89% Completeness: 89% Freshness: 90%
Operation zone: Denmark, France, Ukraine
Aliases Limited alias preview
QuietSecurity
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium-high
Actor Techniques page ATT&CK® Diagram

QuietSec is a Telegram-based amplifier/aggregator that reposts and disseminates claim narratives from pro‑Russia hacktivist and leak actors (e.g., PerunSwaroga and «Смешarики»). The reviewed open record supports its role in social-platform coordination/propaganda and narrative acceleration rather than direct technical execution. ATT&CK mapping is therefore minimal and focuses on social media use; any disruption or intrusion techniques should be mapped to the original claiming operators unless direct evidence ties QuietSec to execution. Additional OSINT indicates QuietSec has also posted or amplified DDoS claims against resources associated with Ukraine, France, and Denmark via its official Telegram presence; these are treated as claim-based signals and should be validated with telemetry.


Technique Technique name Tactics Evidence
T1585.001 Social Media Accounts TA0042
  • 2026-02-22 — Telemetr post archive shows QuietSec reposting claim narratives; supports use of Telegram as the primary dissemination surface. · ref
  • 2026-02-22 — TGStat listing confirms QuietSec channel identity and indexing metadata. · ref
T1498 Network Denial of Service TA0040
  • 2026-02-22 — TGStat snippet for @QuietSecOfficial shows a check-host report and 'DDoS greetings' targeting Ukraine-support related resources; treated as officially posted/claimed on the QuietSec Telegram channel (claim-based). · ref
  • 2026-02-22 — TGStat snippet for @TwoNetchannel shows a forwarded post 'Forward from: QuietSec' describing DDoS attacks against Denmark's resident services portal (borger.dk) with check-host proof link (claim-based). · ref
  • 2026-02-22 — TGStat snippet for @TwoNetchannel shows a post with check-host proof link and #France tag; treated as a QuietSec-amplified/forwarded DDoS claim against French resources (claim-based). · ref
Strategic Intelligence
Limited preview
Last updated: 2026-03-03T23:18:52+00:00

QuietSec — Pro‑Russia Telegram Aggregator/Amplifier (Repost Hub for Hacktivist Claims)

Classification: TLP: WHITE — Open Source Intelligence (OSINT)

Category: Cyber / Hybrid — Propaganda & claim amplification; ecosystem signal node (not a confirmed standalone operator)

Assessed home base: INFERENCE: Russia‑aligned Telegram ecosystem (confidence: medium)



Executive Summary

QuietSec is assessed as a Telegram-centric amplifier/aggregator that curates and reposts content from pro‑Russia hacktivist and leak/disruption brands. Open indexing and post archives show QuietSec forwarding and quoting narratives linked to actors such as PerunSwaroga and «Смешарики», including “hack-and-leak” and disruption claim content.

The operational significance of QuietSec is its role as an ecosystem signal node: it increases reach, shortens propagation time of “operations” narratives, and can serve as an early-warning pivot for emerging targeting waves. Because the channel’s most evidenced function is reposting/curation, this profile treats QuietSec primarily as a distribution hub rather than a clearly defined actor executing attacks.

Confidence is high that QuietSec exists and functions as a repost/aggregation channel. Confidence is low–medium that QuietSec itself executes technical operations (insufficient direct evidence in reviewed sources). However, its amplification role can materially increase reputational and operational impact during campaign windows.

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Saved Limited preview

Executive Analyst Brief for Decision Makers — QuietSec


Upgrade to access the full executive brief.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Saved Limited preview

Hunting Playbook — QuietSec (Pro‑Russia Telegram Amplifier / Repost Hub)


Upgrade to access the full hunting playbook.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Saved Limited preview
Last updated: 2026-02-23T02:46:23+00:00

IOC Appendix (TLP:WHITE) — QuietSec

Note: QuietSec is evidenced primarily as a repost hub; stable malware/C2 indicators are not attributable from reviewed OSINT. This appendix focuses on correlation cues and behavioral indicators relevant to amplified campaigns.

More IOC context for Research. Full appendix for Analyst and Premium plans.
IOC Appendix now
Saved successfully.
OSINT Library
Saved Limited preview
Last saved: 2026-02-23T02:46:36+00:00

OSINT Library — QuietSec


2026-02-22 — TGStat — “QuietSec channel listing (@quietsecofficial) — overview and basic metadata”

Full OSINT references available for Research / Analyst.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/6
Address Verification SOCMINT
t.me/Qui************* Restricted Not integrated
t.me/+Gj************** Restricted Not integrated
t.me/Qui**************** Restricted Not integrated
t.me/Qui**************** Restricted Not integrated
t.me/Qui********** Restricted Not integrated
Address Verification SOCMINT
qu*******************@proton.me Restricted Not integrated
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
Showing 1–4 of 4 images
Propaganda Free Preview
Propaganda
Propaganda Free Preview
Propaganda
Alliance with Keymous Team Free Preview
Alliance with Keymous Team
Alliance with Cyber Raw Bangladesh Free Preview
Alliance with Cyber Raw Bangladesh