DieNet

DieNet is a pro-Iranian, pro-Palestinian hacktivist group that emerged on Telegram in March 2025 and became one of the most prolific disruptive actors in the 2026 Iran-Israel conflict. It is repeatedly described as a major DDoS infrastructure supplier and primary volume driver for allied hacktivist groups, including within the Electronic Operations Room / Cyber Islamic Resistance coalition, where it acted as a central node alongside groups such as 313 Team. The group has also been referred to as part of the Electronic Operations Room of Islamic Resistance Axis. Content describes DieNet as structurally resembling a franchise with a core leadership circle and a wider ring of opportunistic operators, and one source notes it is believed to include Russian-speaking members with connections to Eastern European cyber communities. DieNet’s activity is centered on disruptive operations, especially high-volume DDoS attacks using rented DDoS-as-a-service infrastructure rather than bespoke malware. Reported techniques include TCP SYN floods, TCP RST floods, DNS amplification, NTP amplification, and Layer 7 application attacks. The group is described as providing structured target lists and automated check-host verification for allied groups. Its primary confirmed ATT&CK behavior in the content is Network Denial of Service (T1498). The group also uses Telegram messaging and propaganda to amplify psychological impact. Targets mentioned in the content span government, finance, telecommunications, transportation, healthcare, utilities, and other civilian and critical infrastructure sectors. The United States has been described as DieNet’s primary target since inception, with claimed attacks against U.S. transit, energy, financial, healthcare, and transportation entities, and warnings that it would attack the United States if it joined the conflict against Iran. The group also claimed attacks against Israeli websites and resources, GCC government and infrastructure targets in Kuwait, Bahrain, Jordan, Saudi Arabia, the UAE, and Qatar, as well as Indian government infrastructure and Cyprus. During the March 2026 escalation, DieNet was described as one of the most active pro-Iranian hacktivist groups and as a leading disruptive force in the broader pro-Iran ecosystem. The content also states that DieNet expanded campaigns into utility and civilian sectors and shared imagery allegedly showing accessed industrial control interfaces, PLC access, and OT/ICS-related screens. However, the same reporting emphasizes that many of DieNet’s claims involving ransomware, data theft, intrusion, and OT/ICS access were unverified, likely exaggerated, or inflated for propaganda effect. An announced ransomware strain, Locknet, and various exfiltration claims are specifically described as unverified. Known associations and amplifying peers mentioned in the content include 313 Team, Cyber Islamic Resistance, APT IRAN, Keymous / Keymous Plus, Fatimion Cyber Team, FAD Team, ALTOUFAN TEAM, Sylhet Gang-SG, OverFlame, DenBots Proof, Cyber Fattah, and Cyb3r Drag0nz. The group’s known alias in the provided content is DieNet.