Cyber Threat Actor: Dohaeragon

Actor Type: Sensationalist
Location: Turkey
Known Incidents: 0 incidents

Profile

The threat actor known as Dohaeragon, also referred to as Dohaeragon Team or Dohaeragon Hacker Group, is associated with a single documented defacement incident. Publicly available information, including a personal profile for one member, indicates a likely Turkish origin, with an individual identified as being from Kusadasi, Turkey. The group's name and operational theme are derived from the fictional High Valyrian language and guilds in the television series Game of Thrones, with "Dohaeragon" reportedly meaning "serve" and the attacking team calling themselves "Team Faceless Men." Their only recorded appearance in public breach mirrors is on a Turkish site, and associated member handles such as Polatbey, Morghon, SoloKing, Claronomes, and KingOfNoobs appear linked to Turkish gaming communities, suggesting a loose affiliation of individuals rather than a structured organization.

The group's sole reported operation involved the defacement of the Health Innovations subdomain of Kaiser Permanente in July 2018. The attack replaced the site's content with a message crediting "Dohaeragon" and "Team Faceless Men," accompanied by a Game of Thrones-themed song. The targeted site was an externally hosted information page for employees and potential employees, and Kaiser Permanente confirmed it contained no protected health information. The source article explicitly states the attackers have no history on major defacement archives and characterizes them as "teenage gamers with no history of any serious hacking." The initial access vector and specific tooling are not described, but the victim's security statement and post-incident comments imply the subdomain was vulnerable due to a lack of patching and inadequate security by the external vendor. No financial theft, espionage, or data exfiltration was reported in this incident, and there is no publicly established affiliation with any state or criminal consortium. The operation appears to have been motivated by notoriety within gaming circles, using a high-profile brand for a symbolic disruption rather than material gain.

Incidents
0 incidents
Sources
1 source