3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
Cyber Support Front

Cyber Support Front

ID: bb459fd9ec3557e894d7ae2bc86a34ed
Hacktivist Group Hacktivism
Threat types: Hacktivism, Intrusion, DDoS, Pro-Palestine, Anti-Israel
Iran ISR
Updated: 2026-03-15
Created: 2026-03-04
Progress: 91% Completeness: 100% Freshness: 70%
Operation zone: Israel
Aliases Limited alias preview
Al-Isnad al-Sibarania Front al-Jabha al-Isnad al-Sayberaniyah C**** C**
C***** Cy**************** Fr*************************** ال***********************
Showing 2 of 8 aliases in free preview.
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

Cyber Support Front is a pro-Palestinian, anti-Israel hybrid hacktivist/proxy-style brand that emerged in June 2025 during Israel-Iran escalation. Public reporting most strongly supports Telegram-led threat signaling, DDoS/disruption narratives, selective leak publication, and claim-heavy operations against Israeli critical infrastructure, communications, and defense-adjacent targets.


Technique Technique name Tactics Evidence
T1498 Network Denial of Service TA0040
  • 2025-06-20 — The actor announced large-scale attacks against Israeli critical infrastructure in a period marked by sharply increased DDoS activity against Israel. · ref
  • 2026-03-01 — Sophos CTU assessed that emerging and reactivated pro-Iran groups including Cyber Support Front were mainly engaging in unsophisticated tactics and broad claims, consistent with common hacktivist DDoS/disruption patterns. · ref
T1567 Exfiltration Over Web Service TA0010
  • 2025-10-28 — INFERENCE (confidence: medium): public claims that files and images were obtained from Maya Defense Industries imply exfiltration or staged transfer of data to actor-controlled publication workflows. · ref
  • 2025-10-31 — Follow-on reporting described release or sale of confidential Maya documents and employee identities via the actor's public channels. · ref
T1087 Account Discovery TA0007
  • 2025-10-31 — INFERENCE (confidence: medium): publication of identities and personal details of Maya staff is consistent with collection or enumeration of account/personnel information before release. · ref
T1491.001 Internal Defacement TA0040
  • 2026-03-01 — INFERENCE (confidence: low-medium): while defacement is not uniquely confirmed for this actor, Sophos notes that many groups in the same campaign environment relied on website defacement and public-facing impact alongside exaggerated claims. · ref
T1485 Data Destruction TA0040
  • 2026-03-04 — INFERENCE (confidence: low-medium): the actor claimed destruction of sensitive data and documents in the March 2026 communications-infrastructure operation, but the destructive impact remains publicly unverified. · ref
Strategic Intelligence
Limited preview
Last updated: 2026-03-15T13:53:41+00:00

Cyber Support Front / al-Jabha al-Isnad al-Sayberaniyah / Cyber Isnaad Front

Classification: TLP:WHITE — (Cyber / Pro-Iran Hybrid Hacktivist Brand / Crisis-Era Influence-and-Disruption Persona)

Author: iQBlack Team


Executive Summary

Cyber Support Front is a pro-Palestinian, anti-Israel cyber actor brand that publicly emerged on 2025-06-19 amid the rapid escalation of direct and proxy confrontation between Israel and Iran. In its founding statement, the group described itself as a cyber front composed of experts from several Arabic countries and explicitly aligned its activity with the “resistance front” against Israel. Public reporting from 2025 through early 2026 places the actor inside the broader ecosystem of pro-Iran and “axis of resistance” hacktivist messaging that intensified around wartime events, especially against Israeli critical infrastructure, government communications, and defense-adjacent targets.


The strongest open-source evidence for Cyber Support Front concerns public declarations, Telegram-centered propaganda, threat signaling, leak publication, and crisis-time amplification. Its most notable publicized incident was the late-2025 claim that it had compromised Maya Defense Industries and obtained information connected to Israel’s Iron Beam and other advanced systems. In early March 2026, the group again claimed a large operation against Israeli military and government communications infrastructure. These claims received amplification through Iranian and pro-Iran media channels, but independent technical validation remains partial and uneven.

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Saved Limited preview

Executive Analyst Brief for CISO — Cyber Support Front

Classification: TLP:WHITE

Upgrade to access the full executive brief.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Saved Limited preview

Hunting Playbook — Cyber Support Front


Upgrade to access the full hunting playbook.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Saved Limited preview
Last updated: 2026-03-15T13:54:44+00:00

IOC Appendix — Cyber Support Front

TLP: WHITE

More IOC context for Research. Full appendix for Analyst and Premium plans.
IOC Appendix now
Saved successfully.
OSINT Library
Saved Limited preview
Last saved: 2026-03-15T13:56:31+00:00

OSINT Library — Cyber Support Front

2025-06-19 — Tasnim News Agency — "Anti-Israeli Cyber Group Vows to Target Zionists’ Infrastructures"

https://www.tasnimnews.ir/en/news/2025/06/19/3338435/anti-israeli-cyber-group-vows-to-target-zionists-infrastructures

Full OSINT references available for Research / Analyst.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/11
Address Verification SOCMINT
x.com/CIF*** Restricted Not integrated
Address Verification SOCMINT
t.me/Cyb************** Restricted Not integrated
t.me/Cyb************** Restricted Not integrated
t.me/Cyb************** Restricted Not integrated
t.me/Cyb************** Restricted Not integrated
t.me/Cyb******************** Restricted Not integrated
t.me/Cyb*************** Restricted Not integrated
t.me/Cyb************* Restricted Not integrated
Address Verification SOCMINT
ric*************************************************************** Restricted Not integrated
Address Verification SOCMINT
7yp*********************************************************** Restricted Not integrated
2uh*********************************************************** Restricted Not integrated
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
Showing 1–4 of 4 images
Onion website Free Preview
Onion website
Propaganda Free Preview
Propaganda
Statement Free Preview
Statement
Logo Free Preview
Logo