
Threat Actor Characterization

Ukrainian Hacker Group

ID: 60876ef6c242e3e6cfb6ea82bf86c15f
Hacktivist Group DDoS Crew Hacktivism
Threat types: Defacement, DDoS Attack, Botnet
Ukraine HRV, FIN, FRA, DEU, NLD, RUS, SWE, GBR, USA
Updated: 2026-03-14
Created: 2025-10-25
Progress: 81% Completeness: 85% Freshness: 70%
Operation zone: Croatia, Finland, France, Germany, Netherlands, Russia, Sweden, United Kingdom, United States
Aliases: IT Army, UHG, Uk******************
MITRE ATT&CK®

“Ukrainian Hacker Group” is a generic media label for Ukraine-aligned hacktivist operations where branding (e.g., UCA, IT Army, Black Owl, CAS) is unspecified. Recent cases include ISP Lovit outages (IT Army claim) and the Investment Projects platform breach, illustrating DoS and public-facing app exploitation with rapid Telegram claims.


| Technique | Technique name | Tactics | Evidence |
|---|---|---|---|
| T1499 | Endpoint Denial of Service | TA0040 | 2025-03-25 — Multi-day disruption at Russian ISP Lovit tied to IT Army claim; DoS/availability attack pattern. |
| T1190 | Exploit Public-Facing Application | TA0001 | 2025-08-20 — Investment Projects platform compromise and outage consistent with public-facing app exploitation. |
| T1485 | Data Destruction | TA0040 | 2025-05-15 — Reported wiping of a third of Russia’s court archive in the broader pro-Ukraine hacktivist space. |

Strategic Intelligence
Last updated: 2025-10-29T19:21:41+00:00
Ukrainian Hacker Group — generic media label for Ukraine-aligned hacktivist operations

CLASSIFICATION: Unclassified / Open Source Intelligence (OSINT)

Category: Cyber / Hacktivism — Origin: Ukraine-aligned (umbrella label; non-unique actor)


Executive Summary

Multiple reputable outlets refer to “a Ukrainian hacker group” when source or branding is unclear (i.e., not explicitly UCA, IT Army, Black Owl, C.A.S., etc.). This label has been used for confirmed disruptions against Russian targets during 2023–2025, including outages at the ISP Lovit (claimed by the IT Army of Ukraine) and the Russian Investment Projects platform (victim confirmation). These incidents illustrate a modus operandi centered on opportunistic exploitation of Internet-exposed services and, at times, DDoS or destructive actions, with public claims typically posted on Telegram. Because “Ukrainian Hacker Group” is a non-specific umbrella, attribution to a single organization is not supported; instead, it reflects a cluster of Ukraine-aligned hacktivist practices. Overall capability observed across these incidents is moderate to high for disruption and reputational impact. Confidence: high that the term is used generically; medium on technical TTPs inferred from the cited cases; low on any unique membership/governance.


  • Industries / Sectors: Internet service providers, online platforms, technology/telecom, and various Russian enterprises tied to state functions.
  • Geography (Region): Primarily Russia; occasionally Russian-linked or Belarusian infrastructure.
  • Timeframe: 2022–present with visible peaks in 2024–2025 around high-salience events.
Executive Analyst Brief for CISO

Why this matters now: Even when branding is vague, the effects are material, whether outages (Lovit), platform takedowns (Investment Projects), or destructive impacts (court archives).

Hunting Playbook

Hunting Playbook (behavior-first; vendor-agnostic)

IOC Appendix
Last updated: 2025-11-25T20:45:59+00:00

IOC Appendix (TLP:WHITE)

Because “Ukrainian Hacker Group” is not a unique actor, there are no stable, actor-specific IOCs to list without risking false positives. Use the behavioral detections above and pivot from case-specific reports (e.g., Lovit outage, Investment Projects).

OSINT Library
Last saved: 2025-11-25T20:46:02+00:00

OSINT Library — Ukrainian Hacker Group (generic / coverage of ‘Ukrainian hackers’)

2025-02-21 — The Record — “Ukrainian hackers claim breach of Russian loan company linked to Putin’s ex-wife”

https://therecord.media/russia-carmoney-data-breach-ukrainian-cyber-alliance

Social Media & Communication
SOCMINT integrated: 0/1

Address Verification SOCMINT
t.me/Ukr***************** Restricted Not integrated