Cyber Threat Actor: 16-year-old from Odessa

The threat actor is known publiclyas a 16‑year‑old from Odessa, also referred to as a 16‑year‑old Ukrainian teenager. He resides in Ukraine, specifically the city of Odessa. In January 2020 he carried out a distributed denial‑of‑service (DDoS) attack against a Ukrainian internet service provider.

The attack followed the ISP’s refusal to meet his extortion demand for subscriber data. The sustained DDoS traffic disrupted the ISP’s network operations and prompted law‑enforcement involvement. Ukrainian cyber police traced the activity, arrested the suspect, and seized devices that contained DDoS tools and credentials linked to multiple hacker forums. The seized devices contained DDoS tools. No malware families or initial‑access vectors are mentioned in the source material; the attack is described as a sustained DDoS campaign.

The actor’s stated objective was to obtain specific customer information from the ISP, which aligns with an extortion‑motivated data‑theft goal rather than pure disruption or espionage. No evidence links the individual to a state sponsor, criminal consortium, or larger hacking group; he acted as a lone individual. The incident represents the only publicly reported operation attributed to this actor, and it led to criminal proceedings under Ukraine’s cybercrime statutes. While the attempted extortion charge was not pursued, the suspect faces possible imprisonment for the DDoS attacks themselves.