3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
Z-INQUISITOR

Z-INQUISITOR

ID: 6510ee192f0b33ba10a9895a3aa93ba437033
Hacktivist Group Hacktivism
Threat types: Hacktivism, Intrusion, DDoS Attack
Russia
Updated: 2026-02-21
Created: 2026-02-20
Progress: 70% Completeness: 70% Freshness: 70%
Operation zone:
Aliases Limited alias preview
Z Inquisitor
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

Z-INQUISITOR is an OSINT-observed pro-Russia hacktivist/propaganda brand primarily visible through Telegram-centric messaging and alliance signaling. Actor-specific technical artifacts are limited; risk should be modeled as coalition-adjacent disruption activity (DDoS/defacement narratives) within the broader pro-Russia hacktivist ecosystem.


Technique Technique name Tactics Evidence
T1498 Network Denial of Service TA0040
  • 2025-12-09 — Government reporting characterizes the pro-Russia hacktivist ecosystem as heavily disruption-centric, including DDoS activity; apply to Z-INQUISITOR as coalition-adjacent context rather than actor-specific confirmed operations. · ref
  • 2026-02-21 — INFERENCE (confidence: medium): Z-INQUISITOR’s messaging and alliance positioning are consistent with disruption-first hacktivist branding, where DDoS is the most common operational method. · ref
T1499 Endpoint Denial of Service TA0040
  • 2025-12-09 — INFERENCE (confidence: low): application-layer saturation of endpoints is a common availability tactic in hacktivist DDoS campaigns; actor-specific evidence for Z-INQUISITOR not established. · ref
T1593 Search Open Websites/Domains TA0043
  • 2025-07-02 — INFERENCE (confidence: medium): pro-Russia hacktivist campaigns often select targets based on publicly visible, high-salience services and geopolitical triggers, implying reliance on OSINT-driven target discovery. · ref
T1078 Valid Accounts TA0001 TA0003 TA0004 TA0005
  • 2025-12-09 — INFERENCE (confidence: low): advisory context indicates opportunistic access paths in the ecosystem; valid accounts abuse is a general risk but is not confirmed for Z-INQUISITOR specifically. · ref
T1190 Exploit Public-Facing Application TA0001
  • 2025-12-09 — INFERENCE (confidence: low): ecosystem reporting describes opportunistic compromise of exposed services; include as a potential pathway when claims indicate deeper intrusion rather than pure DDoS. · ref
T1021.005 VNC TA0008
  • 2025-12-09 — Government reporting notes abuse of inadequately secured VNC connections by pro-Russia hacktivists; include as ecosystem-relevant monitoring priority (not actor-specific confirmed). · ref
Strategic Intelligence
Limited preview
Last updated: 2026-02-21T20:49:10+00:00

Z-INQUISITOR — pro-Russia hacktivist/propaganda brand (OSINT)

Classification: TLP:WHITE — Open Source Intelligence (OSINT)

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Saved Limited preview

Executive Analyst Brief for Decision Makers — Z-INQUISITOR


Upgrade to access the full executive brief.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Saved Limited preview

Hunting Playbook — Z-INQUISITOR

Priority / context: Z-INQUISITOR is primarily visible as a Telegram-centric pro-Russia hacktivist brand with limited actor-specific technical artifacts in OSINT. This playbook focuses on the highest-probability, defender-relevant patterns for coalition-adjacent disruption operations: DDoS readiness, edge exposure reduction, claim validation, and early-warning monitoring.

Upgrade to access the full hunting playbook.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Saved Limited preview
Last updated: 2026-02-21T20:50:39+00:00

IOC Appendix (TLP:WHITE) — Z-INQUISITOR

Note: Publicly attributable, actor-specific IOCs for Z-INQUISITOR are limited in reviewed OSINT. The items below prioritize huntable patterns and context indicators suitable for correlation, not long-lived blocking.

More IOC context for Research. Full appendix for Analyst and Premium plans.
IOC Appendix now
Saved successfully.
OSINT Library
Saved Limited preview
Last saved: 2026-02-21T20:51:15+00:00

OSINT Library — Z-INQUISITOR


2026-02-21 — TGStat — “Telegram channel: Z-INQUISITOR (index page)”

Full OSINT references available for Research / Analyst.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/1
Address Verification SOCMINT
t.me/+eb************** Restricted Not integrated
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
No images found for this threat.