3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
Armenian Code

Armenian Code

ID: f2b22cd5501a6ec54f0e5999723d136231259
Cybercrime Hacktivist
Threat types: Hacktivism, Intrusion, ICS/SCADA
Armenia AZE, TUR
Updated: 2026-04-08
Created: 2026-03-21
Progress: 89% Completeness: 89% Freshness: 90%
Operation zone: Azerbaijan, Turkey
Aliases Limited alias preview
Armenian Code Group Armenian Code Team
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

Armenian Code is an emerging pro-Armenian hacktivist cluster publicly observed in March 2026. Current reporting ties it to claimed DDoS-style disruption against Turkish defense-sector companies and to screenshot-based claims of access to symbolic control-system interfaces in Turkey and Azerbaijan. Confidence is highest for public branding and ideological targeting, and lower for sustained OT/ICS intrusion capability.


Technique Technique name Tactics Evidence
T1498 Network Denial of Service TA0040
  • 2026-03-16 — Public reporting states that Armenian Code claimed a large-scale DDoS campaign against Turkish defense-industry companies including MKE, BMC Otomotiv, CTech, RMK Marin, and Altınay Teknoloji. · ref
  • 2026-03-16 — A public social-media post summarized the same campaign as a large-scale DDoS operation against Turkey's defense industry. · ref
T1190 Exploit Public-Facing Application TA0001
  • 2026-03-18 — INFERENCE (confidence: medium): alleged access to irrigation and climate-control interfaces in Turkish greenhouses is most consistent with compromise or abuse of an exposed public-facing application or internet-reachable management panel. · ref
  • 2026-03-16 — INFERENCE (confidence: medium): an Instagram post referencing hacked access to an irrigation control system in Baku also fits exposed panel abuse rather than a deep enterprise intrusion chain. · ref
T1595 Active Scanning TA0043
  • 2026-03-17 — INFERENCE (confidence: medium): discovery of symbolic Turkish and Azerbaijani targets, including exposed control-system interfaces, likely required active reconnaissance or scanning of public-facing services. · ref
T1491.001 Internal Defacement TA0040
  • 2026-03-16 — INFERENCE (confidence: low-to-medium): repeated public references to attacking Turkish websites suggest website content-integrity abuse or defacement may be part of the actor's pattern, though available evidence is weaker than for DDoS claims. · ref
Strategic Intelligence
Limited preview
Last updated: 2026-03-22T03:33:08+00:00

Armenian Code — Armenian nationalist hacktivist cluster with anti-Turkish / anti-Azerbaijani targeting claims

Classification: TLP:WHITE - Open Source Intelligence (OSINT)

Category: Hacktivism / Nationalist cyber activism - Origin: Assessed Armenian / pro-Armenian online milieu

Author: iQBlack CTI Team


Executive Summary

Armenian Code is best assessed as a small, publicly branded, pro-Armenian hacktivist cluster that emerged in open reporting during March 2026. The group’s observable activity is centered on public claims, social-media amplification, and ideologically framed targeting of Turkish and Azerbaijani entities, especially symbolic or politically resonant targets.

Public reporting and social-media traces indicate two main lines of activity. First, the group publicly claimed disruptive operations against Turkish defense-related companies and Turkish websites. Second, posts attributed to the group showcased screenshots allegedly showing access to irrigation, climate-control, and heating-control interfaces in Turkey and Azerbaijan. These intrusion-style claims materially increase concern, but the evidentiary base remains limited because the current record relies heavily on screenshots, reposts, and secondary reporting rather than independent forensic validation.


Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Saved Limited preview

Executive Analyst Brief for CISO — Armenian Code

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Upgrade to access the full executive brief.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Saved Limited preview

Hunting Playbook — Armenian Code


Upgrade to access the full hunting playbook.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Saved Limited preview
Last updated: 2026-03-22T03:21:16+00:00

IOC Appendix — Armenian Code


More IOC context for Research. Full appendix for Analyst and Premium plans.
IOC Appendix now
Saved successfully.
OSINT Library
Saved Limited preview
Last saved: 2026-03-22T03:21:55+00:00

OSINT Library — Armenian Code


2026-03-09 — X / Bobswallower — “A new threat actor has emerged in the arena ...”

Full OSINT references available for Research / Analyst.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/6
Address Verification SOCMINT
t.me/arm************* Restricted Not integrated
t.me/arm********************* Restricted Not integrated
t.me/arm****************** Restricted Not integrated
t.me/arm************ Restricted Not integrated
t.me/arm******************** Restricted Not integrated
Address Verification SOCMINT
www.instagram.com/arm********** Restricted Not integrated
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
Showing 1–5 of 5 images
Hacked website Free Preview
Hacked website
Alliance with Dark Storm Team Free Preview
Alliance with Dark Storm Team
SCADA System targeted by Armenian Code Group Free Preview
SCADA System targeted by Armenian Code Group
SCADA System targeted by Armenian Code Group Free Preview
SCADA System targeted by Armenian Code Group
Remote control system (HMI – Human-Machine Interface) targeted by Armenian Code Group Free Preview
Remote control system (HMI – Human-Machine Interface) targeted by Armenian Code Group
Showing 4 of 5 images in preview mode. Additional evidence is restricted for Analyst and Premium plans.