Cyber Threat Actor: Mysterious Group of Hacktivists
| Actor Type | Location | Known Incidents |
Activist
|
Sri Lanka
|
1 incident |
|---|
Profile
The threat actor is known publiclyas the Mysterious Group of Hacktivists and is associated with Sri Lanka based on the geographic focus of its activities. It emerged in early 2021 with a coordinated action that altered DNS records for several Sri Lankan online properties. The group identifies itself through hacktivist messaging rather than financial or espionage motives, using its operations to draw attention to societal concerns.
Its targeting has been confined to Sri Lankan internet infrastructure, affecting high‑profile domains such as Google.lk as well as local business and news websites. The strategic objective demonstrated in the observed incident was to highlight issues of press freedom, political corruption, and minority rights, culminating in a nationalistic message displayed shortly after the country’s independence celebrations. This indicates a focus on disruption and awareness‑raising rather than profit or intelligence gathering.
The primary technique observed was DNS poisoning, whereby the actor manipulated domain name system records to redirect visitors to a webpage carrying the hacktivist message. No malware families, exploit kits, or other tooling were referenced in the reporting, suggesting the operation relied solely on network‑level manipulation rather than malicious software deployment. The attack was resolved within hours by the national domain administrator, NIC.lk, and was subsequently confirmed by the Telecommunications Regulatory Commission.
The only publicly reported operation attributed to this group is the February 6 2021 DNS hijacking campaign, which remains its most notable activity to date. No definitive links to state sponsors, criminal consortia, or other threat actor affiliations have been established in open sources, and the actor’s size, structure, or broader capabilities remain unspecified in the available information.
