HOMETHREATSKeymous+
APT / THREAT GROUP HACKTIVISM

Keymous+

3
aliases
Last seen:Mar 25, 2026

Intelligence Profile

Keymous is a threat actor known for executing extensive DDoS attacks across multiple Arab countries, targeting government ministries and critical infrastructure. The group has claimed access to sensitive data, including over 300,000 records from Israel's Ministry of Education, and has engaged in reconnaissance activities against various ministries in Bahrain and other nations. Keymous employs diverse infrastructure, including compromised IoT devices and DDoS-for-hire platforms, to amplify attack bandwidth. Their operations have been characterized by a focus on politically motivated cyberattacks, particularly in the context of regional conflicts.

Threat Analysis

Keymous+ is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of hacktivism.

As a hacktivist-aligned entity, Keymous+ conducts operations driven by ideological, political, or social grievances, typically through website defacements, DDoS attacks, and the leaking of sensitive data to advance a public narrative.

Intelligence Reports Mentioning Keymous+

External References

Quick Facts

TypeAPT / Threat Group
Motivation hacktivism
Aliases3
SourceMalpedia

Also Known As

keymousKeymous PlusKeymous+

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.