3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
Naxiel’z

Naxiel’z

ID: 10ef4106458d640e14612b93e92e595959166
Cybercrime Cybercriminal Hacktivist
Threat types: Hacktivism, Defacement, Intrusion, Data Leak
Mexico MEX
Updated: 2026-04-01
Created: 2026-03-28
Progress: 82% Completeness: 78% Freshness: 90%
Operation zone: Mexico
Aliases Limited alias preview
Naxiel'z Naxielz
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

Naxiel’z is a persona assessed to operate within the Sociedad Privada 157 ecosystem, a Mexico-focused cluster publicly associated with defacement and data-exposure activity against public-sector and education-linked systems. Public evidence supports cluster association more strongly than precise individual technical attribution.


Technique Technique name Tactics Evidence
T1491.001 Internal Defacement TA0040
  • 2025-10-22 — Public social-media evidence and screenshots associate Naxiel’z with SP157-style defacement content on government-related sites. · ref
  • 2025-11-27 — Additional public screenshot evidence shows Naxiel’z embedded in multi-handle defacement strings tied to municipal targets. · ref
T1078 Valid Accounts TA0001 TA0003 TA0004 TA0005
  • 2025-11-08 — INFERENCE (confidence: medium): campaign-level reporting on SP157 repeatedly highlights weak credentials and absent 2FA as likely enabling factors in multiple public-sector and educational compromises. · ref
T1190 Exploit Public-Facing Application TA0001
  • 2025-11-08 — INFERENCE (confidence: medium): repeated compromise of internet-facing institutional systems suggests abuse of exposed public-facing applications or weakly administered services. · ref
T1505.003 Web Shell TA0003
  • 2025-10-22 — INFERENCE (confidence: medium): persistent defacement across public websites is consistent with transient web-shell use or direct server-side content modification, although tooling is not publicly documented for the persona. · ref
T1565.001 Stored Data Manipulation TA0040
  • 2025-10-14 — INFERENCE (confidence: medium): public-facing content replacement and unauthorized page alteration are consistent with stored data manipulation in web environments. · ref
Strategic Intelligence
Limited preview
Last updated: 2026-04-01T16:07:24+00:00

Naxiel’z — persona associated with Sociedad Privada 157

Classification: TLP:WHITE - Open Source Intelligence (OSINT)

Category: Cybercrime / defacement and data-leak ecosystem persona - Origin: Mexico (assessed)

Author: iQBlack CTI Team


Executive Summary

Naxiel’z is assessed as a visible persona operating inside the Sociedad Privada 157 (SP157) ecosystem, a Mexico-focused cluster repeatedly linked in public reporting to defacements and data-exposure claims against public-sector and education-related systems. Publicly available material does not support treating Naxiel’z as an autonomous group; rather, the persona appears as one of several handles co-branded in attack messages, screenshots, and attribution narratives surrounding SP157 activity.

Observed mentions place Naxiel’z alongside other recurring names such as Mzk, Marssepe / Marsepepe, L0stex and A1z157 in defacement banners and incident commentary. This pattern suggests a collaborative or at least co-signing operating environment in which individual personas contribute to visibility, claimed participation, or limited operational roles within a broader campaign ecosystem.

OSINT currently supports a moderate-confidence assessment that Naxiel’z is a member or close affiliate of SP157 and that the persona has been publicly associated with multiple intrusions or defacement events affecting Mexican government-related infrastructure. However, public evidence remains weak for assigning precise technical responsibilities, rank, or infrastructure ownership to the persona individually.

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Saved Limited preview

Executive Analyst Brief for CISO — Naxiel’z

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Upgrade to access the full executive brief.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Saved Limited preview

Hunting Playbook — Naxiel’z / Sociedad Privada 157 persona-linked activity


Upgrade to access the full hunting playbook.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Saved Limited preview
Last updated: 2026-04-01T16:28:14+00:00

IOC Appendix — Naxiel’z

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

More IOC context for Research. Full appendix for Analyst and Premium plans.
IOC Appendix now
Saved successfully.
OSINT Library
Saved Limited preview
Last saved: 2026-04-01T16:28:28+00:00

OSINT Library — Naxiel’z


2025-10-22 — Ignacio Gómez Villaseñor / X — “⚠️ ALERTA | CIBERATAQUE CONTRA LA SECRETARÍA ...”

Full OSINT references available for Research / Analyst.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/0
No social links registered for this profile.
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
No images found for this threat.