Menu
Browse

Cyber Threat Actor: B0yzTeam

Aliases: 2 aliases
Actor Type Location Known Incidents
 Icon
Criminal
Brazil
0 incidents
Profile

B0yzTeam, also known as Boyztm, is a threat actor group identified as operating from Brazil. The group has been observed targeting public sector entities in the United States, specifically a housing authority, indicating a focus on organizations that manage citizen data and services. Their demonstrated objective in the observed incident was financial gain, as they issued a ransom demand of six Bitcoin, equivalent to approximately $4,000, in exchange for not leaking compromised information. No evidence links the group to state sponsorship or any larger criminal consortium in the available sources.

The group's tactics, as reported, involve website defacement and direct extortion via email. In the Bremerton Housing Authority case, they replaced the site’s content with a SouthPark character image and a message written in Portuguese, thereby signaling their linguistic and possibly cultural background. They followed the defacement with an email threatening to release the stolen database, which contained client names and the last four digits of Social Security Numbers, unless the ransom was paid. The reporting does not mention any specific malware families, exploit kits, or particular tools used to gain initial access, so details about their infection vectors or tooling remain unspecified based on the provided material.

The Bremerton Housing Authority incident represents the only publicly documented campaign attributed to B0yzTeam in the source material. After the defacement and ransom note, the housing authority refused to pay, contacted the FBI, and issued a security advisory to affected clients while working to replace the compromised data with more secure records. The outcome highlights the group's reliance on public embarrassment and financial pressure rather than sustained espionage or destructive effects, and it underscores that, as of the reported event, no further attacks or additional aliases have been confirmed in the open record.

Incidents
Attributed incidents available to members
0 incidents
Sources
Sources available to members
1 source