Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to threat actors
🇧🇩 BD

Sylhet Gang

Also known assylhet_gang

Sylhet Gang is a hacktivist group referenced in reporting on multiple geopolitical cyber campaigns. In the provided content, it is identified as a pro-Pakistan or anti-India group active during cyber activity surrounding India’s Operation Sindoor, where it was named among groups that attempted to breach India’s cyberspace. The content also places Sylhet Gang among disruptive hacktivist groups active in the period following the U.S.-Israel military campaign against Iran, and notes that it amplified a DieNet warning threatening cyber-attacks against the United States if the U.S. joined the conflict against Iran. Across these contexts, the reporting associates the broader campaigns involving Sylhet Gang with disruptive operations, especially DDoS attacks; in the Israel-Iran context, the surrounding activity also included website defacements and claimed data breaches, though no unique TTPs are attributed specifically to Sylhet Gang in the provided material. Known alias in the content: sylhet_gang.

Share:
Are they targeting you?

Know when an actor pivots toward your sector

Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.

Start free trial
OPERATIONAL PROFILE

Targeting

Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.

Where they target

Geographies tied to known operations.

  • 🇮🇳 India

Where they're from

Attributed origin per open-source reporting.

  • BD
MITRE ATT&CK

Tradecraft

1 distinct technique observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.

1 of 15 tactics1 techniques×N= number of intelligence reports citing this technique
MITRE ATT&CK
TA0040
Impact
1 technique
T1498×2
Network Denial of Service
ACTIVITY FEED

Recent activity

4 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

4 SOURCESView more in app
the hacker newsNews
Mar 4, 2026
149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict

Hacktivist group named as participating in disruptive operations related to the conflict.

Read more
the hacker newsNews
Jun 20, 2025
Iran's State TV Hijacked Mid-Broadcast Amid Geopolitical Tensions; $90M Stolen in Crypto Heist

Hacktivist group involved in the pro-Iranian/pro-conflict hacktivist ecosystem; associated reporting characterizes activity as DDoS/defacement/claimed breaches with frequent exaggeration/disinformation.

Read more
timesofindiaNews
May 25, 2025
How pro-India hackers defended country during cross-border cyberattacks amid Op Sindoor | Hyderabad News - The Times of India

Named among hacktivist groups involved in cyber operations against India during Operation Sindoor.

Read more
the hacker newsNews
May 12, 2025
⚡ Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams

Hacktivist-led DDoS activity targeting India amid India-Pakistan conflict-related tensions.

Read more
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: sector and geo overlap with your footprint, the IOCs they’re burning right now, detection coverage, and what to do next.
Start free trial
Target overlap

Match sector + geo + tech-stack targeting against your real footprint.

Tradecraft mapping1

Every observed MITRE ATT&CK technique, grouped by tactic.

Malware arsenal

Families this actor is known to deploy, with IOCs and behavior.

Exploited CVEs

CVEs this actor has used in known campaigns.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Observables

Domains, IPs, and hashes tied to this actor, refreshed continuously.