3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
Team Azrael Angel of Death

Team Azrael Angel of Death

ID: 7039b898666a3b3d0f8f5de3b855282d
Hacktivist Group Hacktivism
Threat types: Defacement, Intrusion, Data Leak
Pakistan
Updated: 2026-03-05
Created: 2025-10-20
Progress: 64% Completeness: 61% Freshness: 70%
Operation zone:
Aliases Limited alias preview
Angel of Death Azrael-Angel Of Death T**** Te*********
Te************************** Te************************* Te********************
Showing 2 of 7 aliases in free preview.
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

Team Azrael – Angel Of Death® is a Pakistan-aligned, pro-Palestinian hacktivist collective that conducts politically motivated cyber operations primarily against Indian government, media, and civic targets. Public reporting highlights compromises of a Rajasthan state government mail server used for phishing, defacement and symbolic control of media/CCTV endpoints, and repackaging of historical Election Commission of India data as if it were a fresh breach. Their tradecraft is centered on exploiting weakly secured public-facing services and amplifying modest technical impact through propaganda.


Technique Technique name Tactics Evidence
T1190 Exploit Public-Facing Application TA0001
  • 2024-08-15 — HackHunting’s analysis of Independence Day 2024 activity reports that Team Azrael claimed to have targeted the Rajasthan State Government mail server and published screenshots of a compromised email panel used to send phishing emails, implying exploitation of an exposed mail or web management application. · ref
  • 2025-09-06 — Telegram post archives for Team Azrael list multiple Indian websites (e.g., kiahn.in, arman.webskill.in, bauxiteindia.com, pizzarecipes.in, inclusiv.in) as being 'owned' during Operation Bunyan Al-Marsoos, consistent with compromise of public-facing web applications to gain control of site content. · ref
T1491.002 External Defacement TA0040
  • 2024-08-15 — HackHunting describes Team Azrael as a pro-Palestinian hacktivist group that participated in Independence Day 2024 operations, including defacement of Indian government and other websites with political messages, indicating use of website defacement for influence. · ref
  • 2025-09-06 — Team Azrael’s Telegram feed shows videos and messages claiming control over Indian TV channels and multiple websites, accompanied by slogans such as 'Your propaganda machine is now in our control' and site lists under 'Websites Owned by Team Azrael – Angel of Death,' demonstrating deliberate defacement and content replacement for propaganda. · ref
T1566.002 Spearphishing Link TA0001
  • 2024-08-15 — HackHunting notes that after compromising a Rajasthan State Government mail server, Team Azrael posted evidence showing use of the official email panel to send phishing messages, indicating spearphishing via links or content delivered from a trusted government domain. · ref
T1213 Data from Information Repositories TA0009
  • 2025-05-08 — CloudSEK reports that Team Azrael–Angel Of Death claimed to have breached the Election Commission of India and leaked over one million citizen records; verification showed the dataset was originally leaked in 2023, but the group nonetheless obtained and redistributed data from an information repository for impact. · ref
  • 2025-05-16 — An issue brief from India’s Manohar Parrikar Institute for Defence Studies and Analyses summarizes Team Azrael’s alleged Election Commission of India breach as involving compromise and leakage of data related to Indian Army personnel and other agencies, later assessed as fabricated or recycled, evidencing their use of sensitive-looking data repositories in hack-and-leak narratives. · ref
T1585.001 Social Media Accounts TA0042
  • 2025-04-01 — A LinkedIn intelligence note on 'Hacktivist – Team Azrael – Angel Of Death®' describes the Telegram channel @anonymous_Cr02x as the main outlet for the group’s cyberattack claims and geopolitical propaganda, indicating deliberate use of a branded social media account to support operations. · ref
  • 2025-10-09 — Telegram analytics on the 'Team Azrael--Angel Of Death®' channel show it amplifying operations, calling for hacktivist mobilization, and promoting allied channels such as NewVforvendetta and INDOHAXSEC, illustrating sustained operational use of a maintained social media persona. · ref
T1585.003 Cloud Accounts TA0042
  • 2025-06-08 — Regional reporting on India–Pakistan hacktivist activity notes that groups including Team Azrael publish long-form communiqués, operation banners, and victim lists on web pages and mirrored sites, functioning as branded web presences to host propaganda and breach announcements. · ref
Strategic Intelligence
Limited preview
Last updated: 2026-01-20T23:42:00+00:00

Team Azrael – Angel of Death® — Preliminary Intelligence


Classification: TLP:WHITE — Pro-Palestinian / India-focused hacktivist collective

Status: Active (at least 2023–2025), with observed inactivity phases and relaunches

Aauthor: iQBlack Team


Executive Summary

Team Azrael – Angel of Death® (often shortened to Team Azrael) is a pro-Palestinian hacktivist group operating primarily in the India–Pakistan / Middle East conflict space.


Public OSINT characterizes it as:

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Saved Limited preview

Executive Analyst Brief for CISO — Team Azrael – Angel of Death®

Actor type: Pakistan-aligned / pro-Palestinian hacktivist collective

Upgrade to access the full executive brief.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Empty Limited preview
No content yet.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Empty Limited preview
No content yet.
IOC Appendix now
Saved successfully.
OSINT Library
Empty Limited preview
No content yet.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/1
Address Verification SOCMINT
t.me/ano************ Restricted Not integrated
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
Showing 1–3 of 3 images
Hacked website Free Preview
Hacked website
Logo Free Preview
Logo
Logo Free Preview
Logo