3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
Mzk

Mzk

ID: eaaefc39fb86989c66d4d6b39d79410223923
Cybercrime Cybercriminal Hacktivist
Threat types: Hacktivism, Intrusion, Defacement, Data Leak
Mexico MEX
Updated: 2026-03-31
Created: 2026-03-28
Progress: 78% Completeness: 73% Freshness: 90%
Operation zone: Mexico
Aliases Limited alias preview
No aliases registered.
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

Mzk is a cluster-linked persona repeatedly associated with Sociedad Privada 157 in public reporting on public-sector website compromise, defacement, and possible data-exposure activity centered on Mexico.


Technique Technique name Tactics Evidence
T1491.001 Internal Defacement TA0040
  • 2025-10-05 — Public reporting on the C5 CDMX website defacement showed a signature including Mzk, consistent with internal website defacement. · ref
  • 2026-02-15 — Public reporting on the Parácuaro municipal website defacement showed Mzk in the visible attack signature alongside Sociedad Privada 157-linked aliases. · ref
T1190 Exploit Public-Facing Application TA0001
  • 2025-12-11 — INFERENCE (confidence: medium): The public warning material centered on exposed public-sector services, CMS paths, and internet-facing administration surfaces, supporting exploitation of public-facing applications as a likely access route in the associated ecosystem. · ref
T1078 Valid Accounts TA0001 TA0003 TA0004 TA0005
  • 2025-12-11 — INFERENCE (confidence: medium): The warning product emphasized immediate password changes and removal of unauthorized users across CMS, hosting, SSH, and databases, making valid-account abuse a plausible pattern in the cluster’s operations. · ref
T1505.003 Web Shell TA0003
  • 2025-12-11 — INFERENCE (confidence: medium): Guidance to search for suspicious .php, .jsp, .js, .bak, .zip, and .rar files in common web paths supports web-shell or script-based persistence/staging as a realistic tradecraft pattern in the associated ecosystem. · ref
T1567 Exfiltration Over Web Service TA0010
  • 2025-12-11 — INFERENCE (confidence: medium): The warning product explicitly mentioned Telegram API traffic as relevant to exfiltration or automated communications, supporting exfiltration or operator communication through web services. · ref
Strategic Intelligence
Limited preview
Last updated: 2026-03-31T03:10:22+00:00

Mzk — Associated persona within Sociedad Privada 157

Classification: TLP:WHITE - Open Source Intelligence (OSINT)

Category: Cybercrime / Defacement and data-exposure ecosystem - Origin: Mexico (INFERENCE, confidence: medium)

Author: iQBlack CTI Team


Executive Summary

Mzk is assessed as a public-facing or semi-public alias associated with the Mexican cybercriminal cluster Sociedad Privada 157. Public reporting does not support a rich standalone profile for Mzk as an independent “brand”; instead, the observable pattern is repeated inclusion of the alias in defacement signatures, campaign warnings, and collaborator listings tied to attacks against public-sector digital infrastructure in Mexico and nearby regional targets.


[OSINT | B2] Publicly available reporting links Mzk to Sociedad Privada 157 activity through repeated appearance in incident imagery and actor lists tied to defacement campaigns affecting government or quasi-government portals. [OSINT | B3] Open reporting also suggests overlap between the broader Sociedad Privada 157 environment and the Chronus Team ecosystem, particularly where alerts describe possible joint or aligned activity rather than strict organizational unity.

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Saved Limited preview

Executive Analyst Brief for CISO — Mzk

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Upgrade to access the full executive brief.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Saved Limited preview

Hunting Playbook — Mzk / Sociedad Privada 157-associated activity


Upgrade to access the full hunting playbook.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Saved Limited preview
Last updated: 2026-03-31T03:13:19+00:00

IOC Appendix — Mzk

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

More IOC context for Research. Full appendix for Analyst and Premium plans.
IOC Appendix now
Saved successfully.
OSINT Library
Saved Limited preview
Last saved: 2026-03-31T03:13:36+00:00

OSINT Library — Mzk


2025-10-05 — Instagram / media repost — “C5 CDMX defacement reporting showing Sociedad Privada 157 branding including Mzk”

Full OSINT references available for Research / Analyst.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/0
No social links registered for this profile.
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
No images found for this threat.