Menu
Browse

Cyber Threat Actor: Discoli

Actor Type Location Known Incidents
 Icon
Sensationalist
0 incidents
Profile

Discoli emerged as a publicly identified threat actor following the November 2020 breach of OGUsers, an online forum frequented by individuals trading compromised social media accounts. The attack marked the third compromise of this platform, with Discoli participating in defacing the homepage and exfiltrating sensitive user data including profiles and private messages. Notably, the actor engaged in overt taunting by offering to remove victims' information from an impending leak in exchange for payment, though they later characterized the intrusion as being motivated by entertainment rather than financial gain or destructive intent. This operation demonstrated a focus on disrupting underground cybercrime communities rather than traditional corporate or government targets, exploiting the forum's own security weaknesses to compromise its members.

The breach methodology centered on exploiting an outdated plugin within the forum's infrastructure, illustrating Discoli's opportunistic approach to initial access rather than reliance on sophisticated custom tooling. While the ransom offers suggested potential financial motives, the actor's explicit "for fun" justification and choice of target—a hub for account hijackers—created an unusual dynamic where cybercriminals became victims. This incident did not showcase advanced persistent threat behaviors but rather a targeted strike against a specific community, leveraging stolen data both for extortion and public shaming of the forum's user base. No malware families or additional TTPs were documented in available reporting, with the operation appearing isolated in scope and execution.

Public reporting attributes no other campaigns to Discoli beyond the OGUsers intrusion, and no clear affiliations with state actors or criminal syndicates have been established. The actor's activities remain singularly associated with this event, which disrupted a platform facilitating credential theft and social media account takeovers. While the data leak threatened broader collateral damage to individuals referenced in the stolen forum messages, Discoli's footprint in the threat landscape appears confined to this opportunistic compromise of a niche cybercrime ecosystem. The operation highlighted how threat actors sometimes target other malicious actors, creating complex victim-perpetrator relationships within underground communities.

Incidents
Attributed incidents available to members
0 incidents
Sources
Sources available to members
0 sources