3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
CyberDragon

CyberDragon

ID: 4c05b1e5e29d9d8b9d060a33399e271c
Hacktivist Group Hacktivism
Threat types: DDoS Attack, Hacktivism, Pro-Russia
Unknown
Updated: 2026-04-07
Created: 2026-02-17
Progress: 78% Completeness: 73% Freshness: 90%
Operation zone:
Aliases Limited alias preview
Cyber Dragon Cyber Drakon Cy*********
Showing 2 of 3 aliases in free preview.
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: unknown
Actor Techniques page ATT&CK® Diagram

Technique Technique name Tactics Evidence
T1498 Network Denial of Service TA0040
  • 2024-07-17 — Fortinet reporting lists 'Cyber Dragon' among pro-Russian groups calling out Olympics targeting; hacktivist activity spiking is commonly associated with DDoS disruption. · ref
T1585 Establish Accounts TA0042
  • 2026-02-17 — OSINT directory lists Telegram channels including 'Cyber Dragon' and 'Cyber Dragon Russia', indicating presence/branding on social platforms. · ref
Strategic Intelligence
Limited preview
Last updated: 2026-04-13T00:58:09+00:00

CyberDragon — Pro-Russian hacktivist collective (Telegram-mobilized)

Classification: TLP:WHITE - Open Source Intelligence (OSINT)

Category: Hacktivism / Hybrid influence - Origin: Russia-aligned (INFERENCE, confidence: medium)

Author: iQBlack CTI Team



Executive Summary

CyberDragon is referenced in multiple open-source reports as a pro‑Russian hacktivist collective active on Telegram and associated with episodic, event-driven campaigns rather than long-duration covert espionage. Public reporting places the name among pro‑Russian group lists tied to anticipated disruption attempts against high-visibility international events (notably Paris 2024 Olympics) and to Telegram-centered mobilization waves (e.g., “#FreeDurov” solidarity campaigns) where multiple collectives coordinated site disruption activities.

Open reporting does not consistently provide a stable technical fingerprint (malware family, custom tooling, unique infrastructure). As a result, CyberDragon is best treated as a brand label within a broader pro‑Russian hacktivist milieu whose operational tempo rises around geopolitical triggers and media moments. Attribution to a single operator set is therefore uncertain; defenders should treat claims and hit-lists as OSINT indicators of intent, and validate against telemetry (DDoS traffic patterns, web service health, and defacement artifacts) before concluding direct responsibility.


Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Saved Limited preview

Executive Analyst Brief for CISO — CyberDragon

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Upgrade to access the full executive brief.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Saved Limited preview

Hunting Playbook — CyberDragon


Upgrade to access the full hunting playbook.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Saved Limited preview
Last updated: 2026-02-17T23:43:07+00:00

IOC Appendix — CyberDragon

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

More IOC context for Research. Full appendix for Analyst and Premium plans.
IOC Appendix now
Saved successfully.
OSINT Library
Saved Limited preview
Last saved: 2026-02-17T23:44:15+00:00

OSINT Library — CyberDragon

Classification: TLP:WHITE — OSINT references curated for traceability. Links open in a new tab.


Full OSINT references available for Research / Analyst.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/2
Address Verification SOCMINT
t.me/%2B**************** Restricted Not integrated
t.me/Cyb******** Restricted Not integrated
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
No images found for this threat.