3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
Alz_157s

Alz_157s

ID: d5a220eb5c2e988e7175d803bef8942c56718
Cybercrime Cybercriminal Hacktivist
Threat types: Hacktivism, Intrusion, Defacement, Data Leak, SQL Dump
Mexico BRA, COL, MEX, USA
Updated: 2026-04-03
Created: 2026-03-27
Progress: 91% Completeness: 92% Freshness: 90%
Operation zone: Brazil, Colombia, Mexico, United States
Aliases Limited alias preview
/alz/ Alz a*****
Showing 2 of 3 aliases in free preview.
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

Alz_157s is a Mexican actor-persona strongly associated with the Sociedad Privada 157 ecosystem and recurrent public claims involving data leaks, institutional compromise, and occasional defacement activity, mainly against Mexican public-sector targets.


Technique Technique name Tactics Evidence
T1190 Exploit Public-Facing Application TA0001
  • 2026-01-27 — INFERENCE (confidence: medium): repeated claims against public institutions are consistent with exploitation of Internet-exposed applications or administrative portals. · ref
T1078 Valid Accounts TA0001 TA0003 TA0004 TA0005
  • 2026-01-27 — INFERENCE (confidence: medium): some institutional leak scenarios are compatible with abuse of valid accounts or previously obtained credentials. · ref
T1059 Command and Scripting Interpreter TA0002
  • 2026-03-30 — INFERENCE (confidence: medium): common intrusion and website-manipulation workflows of this class typically rely on scripting or shell execution on compromised hosts. · ref
T1505.003 Web Shell TA0003
  • 2026-03-30 — INFERENCE (confidence: medium): defacement-linked activity and likely server persistence are consistent with web shell use. · ref
T1083 File and Directory Discovery TA0007
  • 2025-01-11 — Advertising administrative datasets implies prior discovery and enumeration of accessible repositories or file structures. · ref
T1213 Data from Information Repositories TA0009
  • 2026-01-27 — Leak claims involving hospital and student records map well to data theft from information repositories. · ref
T1005 Data from Local System TA0009
  • 2025-01-11 — Forum-advertised administrative data implies collection of files or exports from local or application-linked systems. · ref
T1491.001 Internal Defacement TA0040
  • 2026-03-30 — Public defacement surface directly displays the Alz_157s handle, supporting website defacement as a relevant impact technique. · ref
T1565.001 Stored Data Manipulation TA0040
  • 2026-03-30 — INFERENCE (confidence: medium): web defacement behavior is often accompanied by stored content modification on the target site. · ref
Strategic Intelligence
Limited preview
Last updated: 2026-04-03T19:23:55+00:00

ALZ_157S — Mexican actor-persona linked to Sociedad Privada 157 and adjacent leak/defacement activity

Classification: TLP:WHITE - Open Source Intelligence (OSINT) with limited source-enabled HUMINT enrichment

Category: Cybercrime / Intrusion, data-leak and defacement persona — Origin: Mexico (assessed, medium confidence)

Author: iQBlack CTI Team


Executive Summary

Alz_157s is assessed as an actor-persona operating inside the ecosystem of Sociedad Privada 157 (SP157), with recurring public association to Mexican government and public-sector victim claims involving data leaks, intrusion claims, and occasional defacement activity. Public reporting and monitored claim surfaces consistently place the handle near SP157 branding and leak-oriented operations. (OSINT | B2)


The strongest current analytical position is that Alz_157s is not a standalone threat group but a visible operator or co-branded persona within a broader collaborative cluster. The available evidence supports persistent association with SP157 more strongly than any other group relationship. (OSINT | B2)

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Saved Limited preview

Executive Analyst Brief for CISO — Alz_157s

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Upgrade to access the full executive brief.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Saved Limited preview

Hunting Playbook — Alz_157s / Sociedad Privada 157-linked Activity


Upgrade to access the full hunting playbook.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Saved Limited preview
Last updated: 2026-03-31T03:33:46+00:00

IOC Appendix — Alz_157s

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

More IOC context for Research. Full appendix for Analyst and Premium plans.
IOC Appendix now
Saved successfully.
OSINT Library
Saved Limited preview
Last saved: 2026-03-31T03:34:09+00:00

OSINT Library — Alz_157s


2026-01-27 — Claro y Conciso — “Alerta por filtración masiva de datos: Hackers vulneran sistemas del Gobierno de México”

Full OSINT references available for Research / Analyst.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/4
Address Verification SOCMINT
t.me/ulp****** Restricted Not integrated
t.me/hac********* Restricted Not integrated
t.me/alz*** Restricted Not integrated
Address Verification SOCMINT
mx.pinterest.com/alz***** Restricted Not integrated
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
Showing 1–4 of 4 images
Web Defacement Free Preview
Web Defacement
Propaganda Free Preview
Propaganda
Propaganda Free Preview
Propaganda
Propaganda Free Preview
Propaganda