Menu
Browse

Cyber Threat Actor: Cleaver

Actor Type Location Known Incidents
 Icon
Hacker
Iran
2 incidents
Profile

The threat actor known by the alias Cleaver is also associated with the Twitter handle @CIeaver. Public reporting indicates that the actor operates from Iran. The alias Cleaver has been used in at least one documented cyber intrusion. No other aliases or alternative names for this actor appear in the source material. The actor’s online presence is primarily referenced through the handle linked to the 2015 incident.

On February 28, 2015, the actor compromised the website frontalot.com. The intrusion resulted in the extraction of a database containing approximately sixty‑six thousand records. The extracted data consisted of user account usernames paired with their corresponding hashed passwords. The actor subsequently published the dump, making the credentials accessible to third parties. This event is recorded as a credential‑dumping breach rather than a malware deployment or ransomware attack. The size of the dump, roughly sixty‑six thousand entries, places it among the mid‑sized credential leaks reported in that period. No additional technical details such as exploit vectors or tools used are provided in the source.

Attribution of the Cleaver persona to a specific state sponsor, intelligence service, or criminal consortium is not established in the available information. The source does not provide evidence linking the actor to any known Iranian governmental or military organization. Likewise, there is no indication that Cleaver is affiliated with a broader hacking‑for‑hire group or cybercrime syndicate. No other incidents referencing the alias Cleaver or the handle @CIeaver appear in the source material after 2015. Consequently, the actor’s activity appears limited to this single incident based on the current evidence. Any assessment of the actor’s typical targets, strategic objectives, or preferred tactics would require additional information beyond what is supplied. The profile therefore remains confined to the confirmed facts of the alias, location, date, target, and nature of the data disclosed. Further research would be needed to determine whether Cleaver represents an ongoing threat or a one‑time occurrence.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources