404 CREW CYBER TEAM
404 CREW CYBER TEAM is a hacktivist threat actor referenced in reporting on cyber activity surrounding the late-February to early-March 2026 Middle East escalation. The content identifies it as "404 CREW CYBER TEAM / Disrupt0r," indicating Disrupt0r as an associated alias. It is mentioned as having conducted operations against Iranian CCTV systems, disclosed web vulnerabilities, and referenced Israeli targets. In the broader reporting context, it is listed among hacktivist groups active or claiming activity during 28 February to 1 March 2026, a period characterized by claimed DDoS attacks, website defacements, and alleged data-breach operations against government, financial, aviation, telecom, and critical-infrastructure targets. The provided content supports classifying the actor as hacktivist; no high-confidence attribution to a nation state is provided.
Know when an actor pivots toward your sector
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Targeting
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Where they target
Geographies tied to known operations.
- 🇮🇷 Iran
- 🇮🇱 Israel
Recent activity
1 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
The version that knows your environment.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.