
Threat Actor Characterization

Monte Melkonian Cyber Army


ID: e6772ccc6d804c7dbe76489cd77df26376617
Hacktivist Group Defacement Crew Hacktivism
Threat types: Defacement, Data Leak
Armenia ALB, AZE, BGD, BEL, IND, NLD, QAT, RUS, TUR
Updated: 2026-01-13
Created: 2025-10-13
Progress: 68% Completeness: 76% Freshness: 50%
Operation zone: Albania, Azerbaijan, Bangladesh, Belgium, India, Netherlands, Qatar, Russia, Turkey
Aliases: MMCA, MonteMelkonianCyberArmy
MITRE ATT&CK®

Monte Melkonian Cyber Army (MMCA) — Armenian hacktivist label active in at least 2015–2020. Open sources attribute to MMCA multi-site defacements (incl. state sites), forum compromise with database exposure, and a 2020 operation claiming access to Azerbaijani government email systems and large-scale document leakage; one report alleges destructive impact against an Azerbaijani agribusiness network.


Technique | Technique name | Tactics | Evidence

T1491.002 | External Defacement | TA0040
  • 2015-06-30 — Armenpress reports MMCA hacked 47 Azerbaijani websites, including state sites, and published passport data of 5,700 Azerbaijanis.
  • 2017-04-07 — ARKA/ARCATelecom: MMCA states it 'broke' one of the biggest Azerbaijani forums (forum.azeri.net) and made the 'entire base' (names, passwords, emails, IPs) available.

T1078 | Valid Accounts | TA0001, TA0003, TA0004, TA0005
  • 2020-10-31 — Public Radio of Armenia quotes MMCA: 'We successfully logged in to Azerbaijani governmental emails system' and leaked about a gigabyte of documents (incl. presidential office).

T1041 | Exfiltration Over C2 Channel | TA0010
  • 2020-10-31 — Same report indicates a downloadable data package (approx. 1GB) shared by MMCA after gaining access to government email systems.

T1486 | Data Encrypted for Impact | TA0040
  • 2020-11-16 — ARKA/ARCATelecom cites MMCA claim that AgroDairy network's critical services were taken down and 'all information on employees' servers and computers is encrypted'.

T1490 | Inhibit System Recovery | TA0040
  • 2020-11-16 — In the same AgroDairy incident, MMCA claims backups were deleted and cloud backups removed, inhibiting recovery.

Strategic Intelligence
Last updated: 2025-10-14T03:29:56+00:00

Monte Melkonian Cyber Army (MMCA) Hacktivist Group

CLASSIFICATION: Unclassified / Open Source


Executive Summary

Open sources describe the Monte Melkonian Cyber Army (MMCA) as an Armenian hacktivist label with observed activity from 2015 to 2020. Credible media outlets report multi-site defacements, including state domains, together with exposure of personal data (2015), and a forum compromise with database leak claims (2017). During the 2020 Nagorno-Karabakh escalation, MMCA claimed access to Azerbaijani government email systems and released ~1GB of documents; a separate report alleges destructive impact against a major agribusiness network (encryption, backup deletion). While the branding invokes the legacy of Monte Melkonian, open sources do not establish any link between MMCA and designated terrorist organizations; any such link remains unproven. Overall confidence is medium: multiple independent outlets echo MMCA claims and release artifacts, but primary technical detail is limited and the reporting relies on the group's own claims of responsibility.



Social Media & Communication
SOCMINT integrated: 0/4

  • x.com/mmc********** (restricted, not integrated)
  • www.facebook.com/MMC********* (restricted, not integrated)
  • t.me/mmc********* (restricted, not integrated)
  • www.youtube.com/@mo************************* (restricted, not integrated)

Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence

  • Hacked website evidence (6 images)
  • 25000 soldiers DB hacked
  • Logo used in hacked websites
  • Banner used in X (ex Twitter) account
  • Avatar used in X account