Menu
Browse

Cyber Threat Actor: Jaish-e-Mohammed

Aliases: 3 aliases
Actor Type Location Known Incidents
 Icon
Terrorist
Pakistan
1 incident
Profile

Jaish-e-Mohammed,also known as JeM or Army of Mohammed, is referenced in open sources as a Pakistan-based actor that has been linked to cyber operations. The only publicly detailed activity attributed to this group in the provided material concerns a coordinated cyber campaign that took place on February 14 2019. According to the reporting, the operation originated from actors located in Pakistan and made use of infrastructure hosted in Bangladesh to launch the attacks. The description identifies the perpetrators as Pakistan‑based without further specification of their organizational structure or any formal state affiliation.

The February 2019 campaign targeted government websites and critical infrastructure systems, with a specific focus on financial networks and power‑grid management functions. The actors attempted to breach these systems but were thwarted by defensive measures employed by the victims. After failing to gain access, the perpetrators shifted their approach to disinformation, disseminating false claims about military leadership changes and fabricated casualty reports in an effort to sow confusion. Authorities reported that these misleading narratives were countered and that investigations were launched to identify those responsible for the malicious activity. The narrative does not mention any particular malware families, exploit tools, or initial‑access vectors associated with the operation.

Attribution in the source material is limited to the observation that the activity emanated from Pakistan‑based actors utilizing Bangladeshi infrastructure; no explicit link to a state sponsor, criminal consortium, or other affiliations is provided. Consequently, the only concrete example of a publicly reported operation linked to Jaish‑e‑Mohammed in the given context is the February 2019 incident involving attempts against governmental and critical‑infrastructure targets followed by a disinformation phase. No additional campaigns, tooling details, or tactical patterns are described in the available information, so further specifics about the group’s typical TTPs remain undocumented in the supplied sources.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources