3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
inteid

inteid

ID: ec147a3b91d1df8973f96e8590e214a5
Hacktivist Group Hacktivism
Threat types: Hacktivism, DDoS Attack
Russia BRA, FRA, ISR, JPN, POL, UKR, GBR
Updated: 2026-04-12
Created: 2026-01-20
Progress: 86% Completeness: 80% Freshness: 100%
Operation zone: Brazil, France, Israel, Japan, Poland, Ukraine, United Kingdom
Aliases Limited alias preview
No aliases registered.
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

Inteid is assessed as a pro-Russian hacktivist brand associated with DDoS-centric disruption and coercive messaging. Public reporting (Truesec) lists Inteid as a member of the 'Russian Legion' alliance targeting Denmark under 'OpDenmark' and notes Inteid conducted a DDoS attack against Denmark’s health portal sundhed.dk in late January 2026. Danish sector reporting indicates 'inteid' claimed responsibility for a DDoS outage affecting sundhed.dk. Evidence supports DDoS impact; steps such as scanning and bot capacity are marked as INFERENCE.


Technique Technique name Tactics Evidence
T1498 Network Denial of Service TA0040
  • 2026-01-30 — Truesec states Russian Legion includes Inteid and that Inteid conducted a DDoS attack against sundhed.dk earlier that week; campaign described as DDoS-focused. · ref
  • 2026-01-26 — Danish sector outlet reports sundhed.dk was down after a DDoS attack and that hacker group 'inteid' claimed responsibility (per TjekDet in article). · ref
T1589.003 Employee Names TA0043
  • 2026-01-30 — INFERENCE (confidence: medium): Target selection implies identification of organisational internet properties (public portals) for disruption. · ref
T1595 Active Scanning TA0043
  • 2025-12-18 — INFERENCE (confidence: medium): CISA advisory on pro-Russian hacktivists describes opportunistic activity against public-facing services; scanning/probing is a common precursor to DDoS targeting workflows. · ref
T1583.006 Web Services TA0042
  • 2025-12-18 — INFERENCE (confidence: low–medium): Pro-Russia hacktivist DDoS activity often leverages distributed bot capacity or volunteer tooling rather than bespoke infrastructure. · ref
Strategic Intelligence
Limited preview
Last updated: 2026-02-23T01:09:05+00:00

Inteid — Pro-Russian Hacktivist Brand (DDoS-centric; Russian Legion member)

Classification: TLP: WHITE — Open Source Intelligence (OSINT)

Category: Cyber / Hacktivism (Disruption & Coercive Messaging)


Executive Summary

Inteid is assessed as a pro-Russian hacktivist brand primarily associated with denial-of-service disruption and public influence signaling. In late January–early February 2026, multiple independent sources describe Inteid as a member of the newly announced hacktivist alliance “Russian Legion,” alongside Cardinal, The White Pulse, and Russian Partizan, under the campaign name “OpDenmark.”

Truesec reporting states Inteid conducted a DDoS attack against Denmark’s health portal sundhed.dk “earlier this week” (relative to 2026-01-30), and a Danish sector outlet reports that the hacker group “inteid” claimed responsibility for a DDoS outage affecting sundhed.dk.

Truesec further observed that while Russian Legion messaging claims more advanced capability, the observed campaign to date has consisted only of DDoS attacks; it also noted “Phase 2” (“Operation Ragnarök”) and potential spillover targeting beyond Denmark.

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Saved Limited preview

Executive Analyst Brief for Decision Makers — Inteid


Upgrade to access the full executive brief.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Saved Limited preview

Hunting Playbook — Inteid (Russian Legion member; DDoS-centric)


Upgrade to access the full hunting playbook.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Saved Limited preview
Last updated: 2026-02-21T20:15:13+00:00

IOC Appendix (TLP:WHITE) — Inteid

Note: For Inteid, reviewed open sources emphasize DDoS disruption and public threats and do not provide stable, high-fidelity technical indicators (e.g., malware hashes, dedicated C2 domains). This appendix therefore focuses on behavioral indicators, early-warning cues, and scoping references.

More IOC context for Research. Full appendix for Analyst and Premium plans.
IOC Appendix now
Saved successfully.
OSINT Library
Saved Limited preview
Last saved: 2026-02-21T20:15:26+00:00

OSINT Library — Inteid


2026-01-30 — Truesec — “Newly Established Russian Hacker Alliance Threatens Denmark”

Full OSINT references available for Research / Analyst.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/4
Address Verification SOCMINT
t.me/int*** Restricted Not integrated
t.me/+qW************** Restricted Not integrated
t.me/int******* Restricted Not integrated
t.me/int***** Restricted Not integrated
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
Showing 1–6 of 6 images
Alliance with White Pulse Free Preview
Alliance with White Pulse
Alliance with HARM Alliance Free Preview
Alliance with HARM Alliance
Alliance with Bogatyrskaya Zastava Free Preview
Alliance with Bogatyrskaya Zastava
Alliance with Z-Pentest Alliance Free Preview
Alliance with Z-Pentest Alliance
Alliance with Dark Storm Free Preview
Alliance with Dark Storm
Logo Free Preview
Logo
Showing 4 of 6 images in preview mode. Additional evidence is restricted for Analyst and Premium plans.