Cyber Threat Actor: theinfidel
| Actor Type | Location | Known Incidents |
Activist
|
United Kingdom
|
1 incident |
|---|
Profile
th3inf1d3l is a threat actor known by the alias @th3inf1d3l and has been associated with operations originating from the United Kingdom. The actor first came to public attention through a breach of a UK‑based Islamic community platform in February 2014, where they claimed responsibility for leaking user data. Prior to this incident, the actor had reportedly conducted similar operations against the same platform, indicating a pattern of repeated targeting. No further biographical details, such as real name or organizational affiliation, are publicly available in the sourced material.
The actor’s stated focus appears to be on entities linked to the Muslim community in the United Kingdom, as evidenced by the attack on muslimdirectory.co.uk and the accompanying claim of infiltration across British institutions such as hospitals, financial bodies and city councils. The actor explicitly cited Islamophobic motivations for the breach, framing the operation as part of the #OpFuckMohammad campaign. In terms of tactics, the actor compromised the website to extract user credentials—including emails, plaintext passwords, full names, phone numbers, addresses and workplace details—and then published the data via Pastebin and stashbox.org, providing a link to the complete leak. No specific malware families, exploit tools or initial access vectors are described in the available sources.
The #OpFuckMohammad campaign represents the most notable operation attributed to th3inf1d3l, resulting in the exposure of 38,903 user credentials from the Muslim Directory site. The leaked information encompassed a range of personal data, though not every record contained all fields. The actor publicized the breach through a Twitter announcement that directed followers to the Pastebin message and the Stashbox link, amplifying the reach of the disclosed data. While the actor claimed to have infiltrated various British sectors, the sources do not provide independent verification of those assertions or any additional campaigns beyond the described incident. Consequently, the profile is limited to the confirmed facts surrounding the alias, the 2014 breach, the claimed Islamophobic motive, the use of web‑based credential theft and paste‑site leakage, and the associated #OpFuckMohammad operation.
