APT / THREAT GROUP HACKTIVISM

KromSec

1
aliases
Last seen:Mar 17, 2026

Intelligence Profile

KromSec is a hacktivist group that claims to be composed of hackers, activists, writers, and journalists. The group has been involved in a number of high-profile cyberattacks, including a cyber offensive against Iran in September 2022 and the sale of the database of the Iran Ministry of Industries and Mines on a hacker forum in November 2023. KromSec's attacks have been met with mixed reactions, but the group has quickly made a name for itself as a significant threat to governments and organizations around the world.

Threat Analysis

KromSec is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of hacktivism.

As a hacktivist-aligned entity, KromSec conducts operations driven by ideological, political, or social grievances, typically through website defacements, DDoS attacks, and the leaking of sensitive data to advance a public narrative.

External References

Quick Facts

TypeAPT / Threat Group
Motivation hacktivism
Aliases1
SourceMalpedia

Also Known As

KromSec

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.