3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
PELICAN HACKERS

PELICAN HACKERS

ID: f8f59714e9d00d6a36bfb31fb0bfdc97
Cybercrime Cybercriminal Hacktivist
Threat types: Hacktivism, Politically-motivated intrusion
India PAK
Updated: 2026-02-18
Created: 2026-01-27
Progress: 76% Completeness: 78% Freshness: 70%
Operation zone: Pakistan
Aliases Limited alias preview
Team Pelican Hackers TPH
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

PELICAN HACKERS (aka Team Pelican Hackers) is an OSINT-observed hacktivist label linked in 2025 reporting to claimed intrusions and alleged data exposure targeting Pakistani institutions. Technical details are limited; mapping focuses on high-level behaviors and marks inferred items explicitly.


Technique Technique name Tactics Evidence
T1565.002 Transmitted Data Manipulation TA0040
  • 2025-09-02 — Public reporting describes alleged exposure of administrative datasets after claimed breaches (data integrity/handling concerns in disclosure scenarios). INFERENCE (confidence: low). · ref
T1567.002 Exfiltration to Cloud Storage TA0010
  • 2025-09-02 — Claimed data exposure implies data removal and publication; specific exfil channel not published. INFERENCE (confidence: low). · ref
T1491.001 Internal Defacement TA0040
  • 2025-01-01 — Social media claim artifact references defacement; target and details not independently verified. INFERENCE (confidence: low). · ref
T1190 Exploit Public-Facing Application TA0001
  • 2025-09-01 — Claimed breaches of institutions plausibly involve web-facing portals; no technical details disclosed. INFERENCE (confidence: medium). · ref
T1110 Brute Force TA0006
  • 2025-09-01 — Credential abuse is a common vector in similar hacktivist incidents; not directly evidenced for this actor in OSINT. INFERENCE (confidence: low). · ref
Strategic Intelligence
Limited preview
Last updated: 2026-02-18T19:27:12+00:00

PELICAN HACKERS

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Saved Limited preview

Executive Analyst Brief for CISO — PELICAN HACKERS

Classification: Unclassified / OSINT — TLP:WHITE

Upgrade to access the full executive brief.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Saved Limited preview

Hunting Playbook — PELICAN HACKERS

Priority: Medium. Context: claim-driven hacktivist activity and opportunistic intrusion patterns in South Asia; limited actor-specific IOCs available, so hunts focus on common web/IAM/data-exfil primitives.

Upgrade to access the full hunting playbook.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Saved Limited preview
Last updated: 2026-02-18T19:28:27+00:00

IOC Appendix — PELICAN HACKERS

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

More IOC context for Research. Full appendix for Analyst and Premium plans.
IOC Appendix now
Saved successfully.
OSINT Library
Saved Limited preview
Last saved: 2026-02-18T19:28:39+00:00

OSINT Library — PELICAN HACKERS


[2025-09-02 — The Economic Times (CISO ET) — “Cyble report highlights Team Pelican Hackers' claimed breaches of Pakistani institutions”]

Full OSINT references available for Research / Analyst.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/0
No social links registered for this profile.
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
No images found for this threat.