FAD
FAD Team is an Iran-aligned hacktivist threat actor referenced as part of a broader pro-Iran cyber ecosystem active during the 2026 regional conflict and #OpIsrael-related activity. The content places FAD Team among groups operating with apparent coordination from Iraqi territory within the broader “Islamic Cyber Resistance” / “Cyber Isnaad Front” ecosystem, alongside 313 Team, Fatimion Cyber Team, AL Toufan, Liwaa Mohammad, AL_Safwa313, Al Safwa, Unit 313, and Gaza313. Reporting also identifies FAD Team as one of several Iran-aligned groups that frequently amplify one another’s claims across messaging channels. Observed activity attributed to FAD Team includes low-level DDoS attacks, website defacements, phishing campaigns, and a claimed SQL injection attack followed by data leaks. Reported targeting includes entities in the Middle East, Israel, and the United States, as well as a small town in Pennsylvania, a virtual U.S. Air Force group, and educational institutions in France, India, and Vietnam. Cypherleak reporting cited FAD Team as active in the campaign affecting Gulf states, where early activity was consistent with short-lived DDoS-style disruptions and later reporting emphasized breach claims and data exposure narratives. The content also notes FAD Team among known Iranian groups observed using hosting providers including Hosterdaddy (AS136557), NameCheap, M247, and EDIS GmbH. While the reporting associates the group with Iran-aligned operations and the Iraq-Iran cyber corridor, it also states that identified groups such as FAD Team are independent actors rather than part of the Iranian state.
Know when an actor pivots toward your sector
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Targeting
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Who they target
Sectors the actor has been observed targeting.
- Government & Administration
- Academia & Research
- Military
Where they target
Geographies tied to known operations.
- 🇺🇸 United States
- 🇫🇷 France
- 🇻🇳 Vietnam
- 🇮🇳 India
Recent activity
8 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Referenced as a known Iranian group used for comparison in attribution analysis; the content does not link the observed campaign to FAD Team.
Referenced as a known Iranian group for comparison of infrastructure and tradecraft; the report indicates the observed campaign does not match these patterns.
Iran-aligned group active in the campaign ecosystem, contributing to hacktivist disruption activity and coordinated claim amplification targeting Gulf-aligned states.
Hacktivist group named as participating in disruptive operations related to the conflict.
The version that knows your environment.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.