
Threat Actor Characterization

РУБЕЖ


ID: 1a4a1db4c07d0dc3f48f8fcc186b61f340140
Hacktivist Group Hacktivism
Threat types: Hacktivism, Intrusion, DDoS Attack
Russia
Updated: 2026-02-23
Created: 2026-02-22
Progress: 70% Completeness: 70% Freshness: 70%
Operation zone:
Aliases: Frontier, RUBEZH
MITRE ATT&CK®

РУБЕЖ (Frontier) is a Telegram-centric pro‑Russia entity combining claim-driven disruption narratives (DDoS-style 'cyberstrike' posts with third-party status links) with operation and monetization of a paid OSINT bot (@FireRaize_bot) offering API access and identity lookup/enrichment features (including name + birthdate searches and 'private database' additions). Evidence strongly supports social-platform coordination/propaganda and the existence/maintenance of the bot service. DDoS impacts are claim-driven and should be validated with telemetry. Identity data collection/enrichment is modeled as an enablement capability based on advertised features.


Technique | Technique name | Tactics | Evidence

T1585.001 | Social Media Accounts | TA0042
  • 2026-02-22 — TGStat lists @Frontier_channel and references the project bot @FireRaize_bot; indicates social-platform coordination and promotion.
  • 2026-01-30 — Telemetrio captures repeated bot maintenance and feature announcements used to coordinate service changes with users.

T1498 | Network Denial of Service | TA0040
  • 2026-02-06 — Channel post claims a joint cyberstrike with Bogatyrskaya Zastava and provides check-host status links for named targets; treat impact as claim-driven without victim telemetry.

T1589 | Gather Victim Identity Information | TA0043
  • 2026-01-30 — Telemetrio content describes OSINT bot feature additions enabling identity search by name + birthdate (FIO+bdate) and database ingestion; supports victim identity information collection/enrichment enablement.

Strategic Intelligence
Last updated: 2026-02-23T03:03:35+00:00

РУБЕЖ (Frontier) — Pro‑Russia Telegram Hacktivist/OSINT Team (DDoS Claims + Paid OSINT Bot)

Classification: TLP: WHITE — Open Source Intelligence (OSINT)

Category: Cyber / Hybrid — Hacktivist-style disruption claims + data-enrichment / doxxing‑adjacent OSINT service

Assessed home base: Unclear; TGStat metadata indicates Russia/Russian audience context for the channel



Executive Summary

РУБЕЖ (“Frontier”) is a Telegram‑centric entity that combines two observable behaviors in open sources: (1) pro‑Russia, war‑framed “cyberstrike” claim posts (primarily DDoS‑style disruption claims with check-host status links), and (2) promotion and operation of a paid “OSINT bot” project named @FireRaize_bot, including API access, subscription mechanisms (Telegram Stars), and frequent announcements of new database ingestion and feature upgrades.

In February 2026, posts attributed to the channel claim a joint “точечный киберудар” (targeted cyber strike) with “Богатырская Застава,” naming two Ukrainian‑linked targets and providing check-host reports. These posts explicitly use pro‑war slogans and hashtags consistent with pro‑Russia ideological framing (#КиберФронтZ, #Z, #СвоихНеБросаем).

Separately, multiple channel posts describe the OSINT bot’s technical upgrades and database additions, including “private databases” and the ability to search by name + date of birth (FIO + bdate), implying a doxxing‑adjacent data‑enrichment capability. This introduces a dual risk: (a) availability disruption claims against external targets, and (b) privacy/identity data misuse risk via the service’s advertised functionality.

IOC Appendix
Last updated: 2026-02-23T03:10:00+00:00

IOC Appendix (TLP:WHITE) — РУБЕЖ (Frontier)

Note: Reviewed OSINT does not provide stable malware hashes or dedicated C2 infrastructure for РУБЕЖ (Frontier). This appendix focuses on correlation cues and behavioral indicators for disruption and identity-data misuse.

OSINT Library
Last saved: 2026-02-23T03:10:11+00:00

OSINT Library — РУБЕЖ (Frontier)


2026-02-06 — Telemetr.me — “РУБЕЖ / @Frontier_channel post: joint 'cyberstrike' claim with Bogatyrskaya Zastava; Check-Host links; promo of @FireRaize_bot API credits”
