3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
DieNET

DieNET

ID: fffde68e280e1bf2b17783b612802c1b15404
Hacktivist Group Hacktivism
Threat types: Hacktivism, Intrusion, DDoS‑as‑a‑Service
Russia BHR, JOR, KWT, QAT, SAU, ARE, USA
Updated: 2026-03-14
Created: 2026-02-21
Progress: 85% Completeness: 92% Freshness: 70%
Operation zone: Bahrain, Jordan, Kuwait, Qatar, Saudi Arabia, United Arab Emirates, United States
Aliases Limited alias preview
DieNet Cyber Team DieNet Media Corporation Di*********
Showing 2 of 3 aliases in free preview.
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

DieNET is a pro‑Russia‑aligned hacktivist brand referenced in OSINT primarily for DDoS disruption and an ecosystem role that emphasizes shared capacity/infrastructure (DDoS-as-a-service style enablement). A dedicated Orange Cyberdefense group investigation provides core characterization. Evidence supports DDoS disruption and propaganda/cross-promotion dynamics typical of coalition operations; specific infrastructure details are limited in open sources. Reconnaissance and capacity-sharing steps are marked as INFERENCE where not directly evidenced.


Technique Technique name Tactics Evidence
T1498 Network Denial of Service TA0040
  • 2024-06-01 — OSINT group investigation describes DieNET within a pro‑Russia DDoS ecosystem and discusses DDoS operations and infrastructure-sharing narratives. · ref
  • 2025-12-18 — Government advisory describes opportunistic pro‑Russia hacktivist disruptive attacks and coalition dynamics affecting critical infrastructure and public services. · ref
T1585.001 Social Media Accounts TA0042
  • 2024-06-01 — OSINT report emphasizes Telegram-style coordination/propaganda and cross-promotion behavior in the ecosystem. · ref
T1583.006 Web Services TA0042
  • 2024-06-01 — INFERENCE (confidence: medium): OSINT report discusses infrastructure/capacity sharing consistent with use of shared services and pooled attack capacity. · ref
T1595 Active Scanning TA0043
  • 2024-06-01 — INFERENCE (confidence: medium): DDoS targeting implies discovery and validation of exposed endpoints prior to waves. · ref
Strategic Intelligence
Limited preview
Last updated: 2026-02-23T01:23:39+00:00

DieNET — Pro‑Russia‑Aligned Hacktivist Brand (DDoS‑as‑a‑Service / Capacity‑Sharing Node)

Classification: TLP: WHITE — Open Source Intelligence (OSINT)

Category: Cyber / Hacktivism — DDoS disruption + infrastructure/capacity sharing; coalition adjacency

Assessed home base: Unclear / transnational; consistently described as pro‑Russia‑aligned in OSINT


Executive Summary

DieNET is assessed as a pro‑Russia‑aligned hacktivist brand primarily associated with DDoS disruption and with an ecosystem role that emphasizes capacity/infrastructure sharing. An Orange Cyberdefense group investigation provides the core profile evidence in reviewed sources, describing DieNET within a broader pro‑Russian hacktivist ecosystem that uses Telegram‑style coordination, coalition branding, and recurring DDoS campaign waves.

Across ecosystem reporting, pro‑Russia hacktivist DDoS campaigns tend to be coalition‑driven and opportunistic, with rapid retargeting across government and public services. Within that context, DieNET is best modeled as a capacity node: an actor whose value is not only the execution of DDoS waves but the enablement of other brands through shared infrastructure, “DDoS-as-a-service” style support, or campaign amplification.

Confidence is medium–high that DieNET is a real brand referenced in OSINT and tied to pro‑Russia DDoS ecosystems. Confidence is medium regarding the extent of its infrastructure-sharing role and specific technical capabilities, because open reporting provides limited stable infrastructure artifacts and the ecosystem is highly claim-driven.

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Saved Limited preview

Executive Analyst Brief for Decision Makers — DieNET


Upgrade to access the full executive brief.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Saved Limited preview

Hunting Playbook — DieNET (Coalition DDoS + Capacity Sharing)


Upgrade to access the full hunting playbook.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Saved Limited preview
Last updated: 2026-02-23T01:24:33+00:00

IOC Appendix (TLP:WHITE) — DieNET

Note: Reviewed OSINT emphasizes DDoS disruption and coalition dynamics rather than stable malware/C2 indicators for DieNET. This appendix focuses on behavioral indicators and correlation cues.

More IOC context for Research. Full appendix for Analyst and Premium plans.
IOC Appendix now
Saved successfully.
OSINT Library
Saved Limited preview
Last saved: 2026-02-23T01:24:43+00:00

OSINT Library — DieNET


2024-06-01 — Orange Cyberdefense (PDF) — “DieNET Group — Cyber Intelligence Bureau (group investigation)”

Full OSINT references available for Research / Analyst.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/10
Address Verification SOCMINT
t.me/die**** Restricted Not integrated
t.me/dns********* Restricted Not integrated
t.me/NRT****** Restricted Not integrated
t.me/dnn***** Restricted Not integrated
t.me/Die********* Restricted Not integrated
t.me/Die********* Restricted Not integrated
t.me/DIe*** Restricted Not integrated
t.me/die**** Restricted Not integrated
Address Verification SOCMINT
diedetector.ct.ws Restricted Not integrated
dienet-cc.github.io/pub******** Restricted Not integrated
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
Showing 1–2 of 2 images
Reference image Free Preview
Reference image
Propaganda Free Preview
Propaganda