Mallory
🇵🇰 PK | 1 malware family

Keymous+

Also known as keymous+

Keymous+ is a hacktivist threat group and North African hybrid actor assessed by researchers to originate in Algeria. Public reporting describes it as blending political messaging with commercial DDoS activity, including a suspected operator-level relationship with the EliteStress DDoS-for-hire platform, although no public ownership proof is cited. The group first appeared publicly in November 2023 and framed early activity around pro-Palestinian messaging under a “Hack for Humanity” banner, later participating in campaigns such as #OpIsrael and #OpIndia.

Keymous+ is primarily associated with distributed denial-of-service operations. Researchers describe an internal structure with an Alpha Team for breaches and leaks and a Beta Team for DDoS operations, with Beta Team driving virtually all confirmed activity and Alpha Team appearing largely inactive by mid-2025. The group uses publicly available DDoS booter services and has been described as a marketing persona for EliteStress. Observed attack methods include amplification and flooding techniques such as CLDAP, DNS, NTP, memcached, SNMP, NetBIOS, rpcbind, L2TP, WS-DD, chargen, TCP SYN floods, UDP floods, DNS query floods, and Layer-7 HTTP/2 floods. It publicly posts uptime verification links, including check-host.net, and researchers reported attack clustering around 06:00 UTC.

Confirmed targeting spans government, telecommunications, financial services, transportation and logistics, hospitality, healthcare, education, and energy. Government entities are the largest confirmed victim category. NETSCOUT telemetry cited Morocco, Saudi Arabia, Sudan, India, and France as the most targeted countries. Reporting also places the group in DDoS activity against European financial institutions, Indian government and financial sectors, and Middle Eastern targets including Egypt.

Between February and September 2024, NETSCOUT independently verified 249 DDoS attacks attributed to Keymous+ across 15 countries and 21 industry sectors, while the group later claimed more than 700 attacks in 2025; researchers assess those public claims are inflated.

Keymous+ is repeatedly described as highly collaborative within the hacktivist ecosystem. Reported alliances and coordinated activity include NoName057(16), DieNet, DarkStorm Team, Mr Hamza, AnonSec, Inteid, Anonymous Kashmir, Moroccan Dragons, and DDoS54. Content also states that Keymous+ announced collaboration with Inteid in support of Iranian cyberwar efforts, and that it publicly announced alliances and resource sharing through Telegram. A 2026 interview cited in the content stated that Keymous+ controls sub-groups including Anonymous Algeria, DDOS54, and Hack for Humanity.

The group maintains a Telegram-centric presence, including channels such as KMPteam, Keymous_V2, keymous_team, and keymous, and operates KeymousPlusBot. It is also active on X under the handle KeymousTeam. Overall, the content consistently characterizes Keymous+ as a prolific, coalition-oriented DDoS-focused hacktivist actor with North African roots and a strong overlap between ideological branding and commercial DDoS service promotion.

OPERATIONAL PROFILE

Targeting

Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.

Where they target

Geographies tied to known operations.

  • 🇮🇳 India

Where they're from

Attributed origin per open-source reporting.

  • PK

MITRE ATT&CK

Tradecraft

5 distinct techniques observed across reporting, grouped by tactic.

2 of 15 tactics, 6 techniques. ×N = number of intelligence reports citing this technique.

TA0011 Command and Control (1 technique)

  • T1090 Proxy
  • T1090.003 Multi-hop Proxy

TA0040 Impact (2 techniques)

  • T1498 Network Denial of Service (×5)
  • T1498.001 Direct Network Flood
  • T1498.002 Reflection Amplification
  • T1499 Endpoint Denial of Service

IOCS

Observables

1 indicator attributed to this actor: domains, IPs, hashes, and other artifacts pulled from reporting.

IOC values are gated.
