Menu
Browse

Cyber Threat Actor: Max Dz

Actor Type Location Known Incidents
 Icon
Activist
1 incident
Profile

Max Dz has been publicly identified as one of several aliases used by hackers claiming Algerian affiliation in a 2016 cyberattack against Oi, a major Brazilian telecommunications provider. This actor operated alongside collaborators using the handles "Red hell Sofyan" and "Sm0ld3r" during the intrusion. The operation targeted multiple web properties belonging to the financially distressed company, which was undergoing bankruptcy proceedings at the time of the breach.

The attack involved defacing at least fifteen distinct web domains and subdomains, including Oi's primary corporate website, speed test portals, promotional campaign pages, and customer access points. Attackers replaced legitimate content with political messaging advocating for Palestine, though no evidence confirmed data exfiltration or destruction of backend systems. This incident demonstrated opportunistic targeting of organizations experiencing public operational instability, leveraging web infrastructure vulnerabilities to amplify disruptive impact during a sensitive period of corporate restructuring. The defacement's timing coincided with heightened scrutiny of Oi's financial viability, potentially compounding reputational damage beyond technical remediation efforts.

Technical specifics regarding initial access vectors, malware tooling, or persistent exploitation methods remain undocumented in public reporting. The operation's public-facing component centered on basic website alterations rather than sophisticated network penetration, suggesting a focus on symbolic disruption over financial gain or espionage. No verifiable connections to state-sponsored groups or established criminal enterprises have been attributed to Max Dz or associated aliases in this incident. The limited public footprint of this alias suggests either infrequent operational activity or deliberate avoidance of high-profile attacks attracting sustained analytical attention. The Oi breach remains the only publicly documented operation conclusively linked to this specific alias through credible reporting channels.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources