3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
Libyan Ghosts Hackers

Libyan Ghosts Hackers

ID: 6494989de35ea7cd846ad9152c24ed5a
Hacktivist Group Collective Defacement Crew Hacktivism
Threat types: Defacement, Intrusion, Hacking, Exploit, Pro-Palestine, Pro-ISIS
Libya ISR, LBY, TUN
Updated: 2026-02-23
Created: 2025-10-20
Progress: 68% Completeness: 67% Freshness: 70%
Operation zone: Israel, Libya, Tunisia
Aliases Limited alias preview
LGH LGH Team Li***********
Showing 2 of 3 aliases in free preview.
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

Libyan Ghosts Hackers (LGH) — Libya-linked defacement collective with public Facebook/Telegram presence. Activity centers on symbolic web defacements claimed by handles such as Ly_Kermit, Hacking Alansary LY, and Ly Forbidden, with Zone-H mirrors used for proof. In Oct 2023, threat monitoring noted LGH targeting smaller Israeli websites during the Israel–Hamas conflict. Capability assessed as low; impact primarily reputational/propaganda.


Technique Technique name Tactics Evidence
T1491.002 External Defacement TA0040
  • 2023–2024 — Actor posts show 'Hacked by Ly_Kermit' videos and Zone-H mirror IDs used to claim defacements. · ref
  • 2023-10-09 — Threat-intel note flags 'Libyan Ghosts' as a new defacement group targeting smaller Israeli websites. · ref
T1190 Exploit Public-Facing Application TA0001
  • 2023-10 — Activity pattern (small sites; fast page swaps) consistent with opportunistic exploitation of public-facing apps during the 2023 wave. INFERENCE anchored in defacement reporting. · ref
T1585 Establish Accounts TA0042
  • 2023–2024 — Persistent use of Facebook/Telegram channels listing LGH Team and handles (Ly_Kermit, Hacking Alansary LY, Ly Forbidden). · ref
  • 2023–2024 — Facebook page acts as claim/propaganda hub for LGH Team. · ref
Strategic Intelligence
Limited preview
Last updated: 2025-10-20T20:16:42+00:00
Libyan Ghosts Hackers (LGH / LGH Team) — Libya-Linked Defacement Crew

CLASSIFICATION: Unclassified / Open Source


Executive Summary

Libyan Ghosts Hackers (LGH) is a Libya-linked defacement collective active across the 2010s and resurfacing in 2023–2024 with renewed propaganda and small-scale web compromises. The group maintains public Facebook and Telegram presences that attribute defacements to named handles (e.g., Ly_Kermit, Hacking Alansary LY, Ly Forbidden) and showcase Zone-H mirrors and “Hacked by” videos. In October 2023, threat-intel reporting flagged Libyan Ghosts as a “new defacement group” hitting smaller Israeli websites amid the Israel–Hamas war information environment. Overall capability: low (scripted defacements and opportunistic web exploitation), with effects driven by symbolism and local/regional propaganda rather than sustained access. Confidence: medium (actor-run channels + third-party monitoring).

  • Brand & footprint. LGH styles itself as a “team” (LGH Team / Libyan Ghosts Hackers Exploits) with public posting on Facebook (page followers ~2k) and a Telegram channel that advertises a Zone-H notifier archive and lists crew handles. Facebook


Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Empty Limited preview
No content yet.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Empty Limited preview
No content yet.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Empty Limited preview
No content yet.
IOC Appendix now
Saved successfully.
OSINT Library
Empty Limited preview
No content yet.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/1
Address Verification SOCMINT
t.me/LGH***** Restricted Not integrated
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
Showing 1–1 of 1 images
Reference image Free Preview
Reference image