Menu
Browse

Cyber Threat Actor: X-zakaria

Actor Type Location Known Incidents
 Icon
Activist
1 incident
Profile

The threat actor known under the alias 'X-zakaria' was publicly linked to a 2018 compromise of Ukraine's energy ministry website. This incident involved an initial website defacement attributed to X-zakaria, characterized by security analysts as hacktivist activity. The actor's actions facilitated secondary exploitation by a separate entity that deployed ransomware, though no collaborative relationship between the two attackers was established. Ukrainian cyber-police confirmed the attack's limited scope, affecting only the targeted website without compromising broader government systems or email infrastructure. The ransomware component—distinct from X-zakaria's involvement—sought financial gain through file encryption and a 0.1 bitcoin ransom demand.

Analysis of the incident indicated X-zakaria likely operated as an amateur hacker without state sponsorship, contrasting with historically observed destructive campaigns against Ukrainian energy targets that disguised geopolitical objectives as ransomware. The actor's targeting focused on public-facing web assets within Ukraine's energy sector, achieving temporary disruption through defacement rather than sophisticated network penetration. No malware families, persistent access mechanisms, or additional tooling were explicitly tied to X-zakaria in available reporting. The compromised ministry restored services without disclosing remediation timelines, while investigators noted minimal historical profits from the attackers' prior activities. This operation highlighted opportunistic tactics where multiple unaffiliated actors sequentially exploited the same entry point for divergent goals—hacktivist disruption followed by financially motivated encryption.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources