
Threat Actor Characterization


Morningstar

ID: 064b1dd62886517f23389d1fe8e63e4991975
Hacktivist Group Hacktivism
Threat types: Hacktivism
Russia ARM, AUS, AUT, AZE, BEL, CAN, CYP, CZE, DNK, FIN, FRA, DEU, HUN, ISR, ITA, LVA, LTU, MDA, NLD, POL, PRT, ROU, ESP, SWE, CHE, UKR, GBR, USA
Updated: 2026-04-13
Created: 2026-02-24
Progress: 95% Completeness: 97% Freshness: 100%
Operation zone: Armenia, Australia, Austria, Azerbaijan, Belgium, Canada, Cyprus, Czech Republic, Denmark, Finland, France, Germany, Hungary, Israel, Italy, Latvia, Lithuania, Moldova, Netherlands, Poland, Portugal, Romania, Spain, Sweden, Switzerland, Ukraine, United Kingdom, United States
Aliases: Morning Star
MITRE ATT&CK®

Morningstar is an OSINT-sparse hacktivist label with limited corroborated reporting. The only clearly attributable OSINT mention identified in the available sources is a high-level note that Morningstar accessed random public CCTV cameras. No stable infrastructure, membership, or consistent victimology is verifiable from open sources at this time. Defensive focus should therefore be exposure-driven (CCTV/NVR/VMS management-plane hardening and monitoring) rather than actor-specific IOCs.


Technique | Technique name | Tactics | Evidence
T1595 | Active Scanning | TA0043 | 2026-02-24 — INFERENCE (confidence: low): accessing random public CCTV cameras likely requires discovery/scanning of exposed devices or panels.
T1110 | Brute Force | TA0006 | 2026-02-24 — INFERENCE (confidence: low): opportunistic CCTV access frequently leverages default/weak credential guessing on exposed management planes.
T1133 | External Remote Services | TA0001, TA0003 | 2026-02-24 — INFERENCE (confidence: low): CCTV access suggests use/abuse of external remote services or exposed admin interfaces.
T1498 | Network Denial of Service | TA0040 | 2025-12-18 — INFERENCE (confidence: low): if Morningstar is aligned with pro-Russia hacktivist ecosystems, DDoS may be a plausible adjacent tactic; no direct Morningstar-specific evidence identified.

Strategic Intelligence
Last updated: 2026-04-11T05:50:13+00:00

Morningstar

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Executive Analyst Brief for CISO

Executive Analyst Brief for Decision Makers — Morningstar


Hunting Playbook

Hunting Playbook — Morningstar (OSINT-sparse hacktivist label; CCTV/IoT exposure pattern)


IOC Appendix
Last updated: 2026-03-22T02:13:37+00:00

IOC Appendix — Morningstar (Operational Seed Set)


OSINT Library
Last saved: 2026-04-05T04:05:01+00:00

OSINT Library — Morningstar


2026-02-24 — iQBlack — “Morningstar: what an emerging and active actor reveals about the pro-Russian hacktivist ecosystem”

Social Media & Communication
SOCMINT integrated: 0/6

Address | Verification | SOCMINT
x.com/op_************ | Restricted | Not integrated
x.com/0p_*********** | Restricted | Not integrated
t.me/op_*********** | Restricted | Not integrated
t.me/+Gk************** | Restricted | Not integrated
max.ru/joi********************************************* | Restricted | Not integrated
be********@proton.me | Restricted | Not integrated
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence

22 images (not reproduced here), by caption:
  • CCTV cameras hacked. Evidence (19 images)
  • Propaganda (1 image)
  • Alliance with Z-Pentest Alliance (1 image)
  • Alliance with NoName057(16) (1 image)