3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
Russian Partizan

Russian Partizan

ID: c9028647e545317e00e20621edbf5df041153
Hacktivist Group Hacktivism
Threat types: Hacktivism, Intrusion, DDoS Attack
Russia DNK, FRA, UKR
Updated: 2026-04-15
Created: 2026-02-20
Progress: 92% Completeness: 88% Freshness: 100%
Operation zone: Denmark, France, Ukraine
Aliases Limited alias preview
PARTISAN Russian Partisan Ru************* Ru*************
Showing 2 of 4 aliases in free preview.
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

Russian Partizan is a pro-Russian hacktivist label associated in public reporting with campaign-based disruptive operations, especially DDoS, and coalition activity within the ‘Russian Legion’/‘OpDenmark’ narrative in early 2026.


Technique Technique name Tactics Evidence
T1498 Network Denial of Service TA0040
  • 2026-01-30 — Public reporting describes DDoS activity and DDoS threats associated with the OpDenmark campaign window and the Russian Legion alliance (Russian Partizan listed as a member). · ref
  • 2026-02-06 — Vendor follow-up notes the campaign has consisted of distributed denial-of-service (DDoS) attacks despite claims of more sophisticated capabilities. · ref
T1499 Endpoint Denial of Service TA0040
  • 2026-02-02 — Reporting and summaries describe disruption of websites/online services (availability impact) consistent with endpoint/service resource exhaustion outcomes of DDoS campaigns. · ref
  • 2026-02-03 — Secondary reporting describes repeated targeting and service disruption claims against Danish organizations, with emphasis on availability disruption. · ref
T1595 Active Scanning TA0043
  • 2026-02-06 — INFERENCE (confidence: medium): Campaign-driven selection of public-facing services and repeated targeting implies basic active scanning/recon of exposed web surfaces to identify high-visibility targets and origin bypass opportunities. · ref
Strategic Intelligence
Limited preview
Last updated: 2026-02-21T19:51:51+00:00

Russian Partizan — Pro-Russian hacktivist collective

Classification: TLP: WHITE - Open Source Intelligence (OSINT)

Category: Hacktivism / Politically motivated disruption — Origin: INFERENCE (confidence: medium): Russia-aligned / Russian-language ecosystem

Author: iQBlack CTI Team


Executive Summary

Russian Partizan is assessed as a pro-Russian hacktivist brand primarily associated with disruptive operations (notably DDoS) and information operations in support of Russian geopolitical narratives. Public reporting in early 2026 places Russian Partizan as a member of the “Russian Legion” alliance alongside Cardinal, The White Pulse, and Inteid, which publicly threatened Denmark under the campaign label “OpDenmark”.

The publicly described operational pattern is consistent with campaign-driven hacktivism: public warnings/ultimatums communicated via social channels, followed by bursts of disruptive activity against public-facing services. This model is optimized for visibility and political signaling rather than stealth, persistent access, or high-end cyber-espionage tradecraft.

Open sources reviewed for this deliverable do not provide reliable, stable infrastructure indicators (domains/C2) attributable to Russian Partizan. As a result, defender value comes primarily from behavioral detection (DDoS precursors, anomalous traffic patterns) and OSINT early warning (monitoring alliance messaging and claimed target lists).

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Saved Limited preview

Executive Analyst Brief for CISO — Russian Partizan

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Upgrade to access the full executive brief.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Saved Limited preview

Hunting Playbook — Russian Partizan


Upgrade to access the full hunting playbook.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Saved Limited preview
Last updated: 2026-02-21T19:55:54+00:00

IOC Appendix (TLP:WHITE) — Russian Partizan

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

More IOC context for Research. Full appendix for Analyst and Premium plans.
IOC Appendix now
Saved successfully.
OSINT Library
Saved Limited preview
Last saved: 2026-02-21T19:57:48+00:00

OSINT Library — Russian Partizan


2026-02-06 — Truesec Threat Insight — “Russian Hacktivist Group ‘Russian Legion’ Initiate OpDenmark”

Full OSINT references available for Research / Analyst.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/3
Address Verification SOCMINT
t.me/par********* Restricted Not integrated
t.me/+RP************** Restricted Not integrated
t.me/Mon************** Restricted Not integrated
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
Showing 1–4 of 4 images
Alliance with White Pulse Free Preview
Alliance with White Pulse
Logo / Avatar Free Preview
Logo / Avatar
Alliance with Hackhax Free Preview
Alliance with Hackhax
Alliance with HARM Alliance Free Preview
Alliance with HARM Alliance