Cyber Threat Actor: Nigerian Cyber Army
| Actor Type | Location | Known Incidents |
Activist
|
Nigeria
|
3 incidents |
|---|
Profile
The Nigerian Cyber Army, also known as the Nigerian Cyber Hunters or NCH, is a hacker collective that operates from Nigeria and has been active since at least 2014. The group uses multiple aliases interchangeably in its public statements and has been linked to a series of website defacements targeting governmental and political entities. Its known targets include Nigeria’s Independent National Electoral Commission, the Ministry of Police Affairs, the Bangladesh Airport Armed Police, and the Pakistan People’s Party website, indicating a focus on public sector institutions across West Africa and South Asia. The actors describe their actions as protests against perceived government corruption, inadequate police remuneration, and societal bribery, and they often leave taunting messages that claim complete control of the compromised site while mocking the administrators’ security posture. These statements suggest that the group’s primary objectives are disruption, embarrassment, and the promotion of a hacktivist narrative rather than financial gain or espionage. No public reporting attributes the group to a state sponsor or a larger criminal consortium, and the available sources describe it as an independent collective of Nigerian hackers.
In terms of tactics, the referenced incidents consistently involve web defacement techniques where the attackers replace the target’s homepage with a protest message and sometimes a mirror of the defacement is posted on zone‑h.org. The articles do not mention specific malware families, exploit kits, or particular initial access vectors such as phishing or credential theft, so the only confirmed TTP theme is the defacement of publicly accessible web servers. The most notable operations include the March 2015 defacement of INEC’s site during voter accreditation, the January 2014 alteration of the Ministry of Police Affairs homepage to condemn corruption and police pay, and the August 2014 takeover of the Bangladesh Airport Armed Police website where the group referenced prior attacks on the Pakistan People’s Party. Each incident resulted in temporary downtime, a public statement from the victim organization, and an investigation, but the actors have not been linked to any subsequent data theft, ransomware deployment, or persistent intrusion beyond the defacement itself. The profile therefore remains limited to the observable pattern of politically motivated website vandalism carried out by a Nigeria‑based hacker group.
