Menu
Browse

Cyber Threat Actor: Hayalim Almonim

Aliases: 2 aliases
Actor Type Location Known Incidents
 Icon
Activist
Israel
3 incidents
Profile

The threat actor known as Hayalim Almonim, also referred to as Anonymous Soldiers, is a collective of Israeli hackers that publicly identifies with the anti‑fascist Antifa movement. According to their own statements and media reports, they operate from Israel and describe themselves as a loosely organized group without centralized leadership. Their aliases appear in Hebrew as Hayalim Almonim, which translates to Anonymous Soldiers, and in English as Anonymous Soldiers. They have framed their activities as part of a broader struggle against white supremacist and fascist organizations, claiming to act in solidarity with Antifa principles. The group asserts that its motivation is ideological rather than financial, positioning its actions as a form of counter‑terrorism against extremist networks.

The group’s targeting has been limited to websites affiliated with extremist organizations, specifically those linked to the Ku Klux Klan in the United States. In their reported operations they have breached these sites, exfiltrated personal data such as names, photographs, phone numbers and addresses of members, and then published that information on social media platforms. They also defaced the compromised web pages with anti‑racist messages, including the banner “Shabbat Shalom! Goodnight white pride.” Their stated strategic objective is to disrupt fascist networks and to “strike terror into the hearts of the enemies of humanity,” which they describe as a counter‑terrorism effort rather than a financially or espionage‑driven motive. No indication of profit‑seeking, state sponsorship, or intelligence‑gathering goals appears in the available sources.

The most publicly documented campaign occurred on 4 February 2021 when Hayalim Almonim breached the website of the Patriotic Brigade Knights, a KKK‑affiliated group, and released the personal details of its alleged leader and a senior member listed on a public sex offender registry. The actors referenced a prior similar intrusion against the Church of the Ku Klux Klan, which they claimed was active in twenty‑five U.S. states, indicating a pattern of repeated attacks on comparable targets. They have declared that they will continue such operations until they consider the Klan dismantled and have urged other anti‑fascist activists to emulate their tactics. The defacement and data leaks were intended to expose extremist members and to instill fear within those networks. No further technical details such as malware families, initial‑access vectors or specific tooling have been disclosed in the available sources.

Incidents
Attributed incidents available to members
3 incidents
Sources
Sources available to members
1 source