313
313 Team is an Iran-aligned hacktivist group that describes itself as part of the "Cyber Islamic Resistance in Iraq." Reporting cited in the content identifies it as one of several Iran-aligned groups active in cyber campaigns affecting Gulf states, alongside DieNet, Fatimion Cyber Team, Fad Team, and ALTOUFAN TEAM. The content states these identified Iran-aligned groups are not part of the Iranian state and are described as independent actors seeking visibility and credibility. The group has been associated primarily with disruptive attack claims, especially denial-of-service activity against public-facing government and military services. One cited example is 313 Team’s claim of DoS shutdowns affecting Bahrain and Kuwaiti government and military services. However, the same reporting notes that these incidents were difficult to verify, that public reporting described only minor disruptions, and that the attacks either did not have the impact claimed by 313 Team or were later attributed to other groups. More broadly, the content characterizes early activity by Iran-aligned groups such as 313 Team as consistent with short-lived DDoS campaigns intended to overwhelm public websites rather than penetrate government systems, often coordinated via Telegram and typical of hacktivist publicity operations. During the March 2-3, 2026 escalation period, 313 Team was recorded with 42 distinct attack claims, placing it behind DieNet and Keymous Plus in activity volume. The content does not provide verified evidence of more advanced capabilities by 313 Team beyond these disruptive claims.
Know when an actor pivots toward your sector
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Targeting
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Who they target
Sectors the actor has been observed targeting.
- Government & Administration
- Telecommunication Services
- Banks
- Transportation
- Public Safety
- Energy
Where they target
Geographies tied to known operations.
- 🇦🇪 United Arab Emirates
- 🇧🇭 Bahrain
- 🇮🇱 Israel
- 🇯🇴 Jordan
- 🇺🇸 United States
- 🇸🇦 Saudi Arabia
- 🇶🇦 Qatar
Where they're from
Attributed origin per open-source reporting.
- IR
Recent activity
3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Iran-aligned hacktivist group active in Gulf-focused cyber campaigns, initially associated with public disruption operations and attack claims amplified عبر messaging channels.
Iran-aligned hacktivist group known in this content for claiming denial-of-service attacks against Bahrain and Kuwait government and military services, though the real impact and attribution were disputed or unverified.
Named as a pro-Iranian hacktivist group active during the March 2026 escalation, associated with attack claim activity.
The version that knows your environment.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.