Cyber Threat Actor: 1962 teams

The threat actor knownpublicly as 1962 teams, also referred to as Yanbian Gang or Yanbian, operates from Algeria and has been identified in open sources as a group of Algerian hackers. The alias “1962 teams” appears in their communications during a reported cyber incident, while the names Yanbian Gang and Yanbian have been used interchangeably in related discussions. Their known activity is limited to a single publicly documented operation, and no broader pattern of targeting or operational structure has been established in the available material. The group has not been linked to any state sponsor or criminal consortium through publicly attributable evidence, and their organizational size or internal hierarchy remains unspecified.

In December 2022 the actor defaced the website of the Bibliothèque nationale du Royaume du Maroc, displaying the Algerian flag and a message asserting access to agricultural ministry servers and six interior ministry databases while stating they would not leak the data. The defacement was intended as a warning to Moroccan hacking groups to cease targeting Algerian entities, indicating a strategic objective focused on deterrence rather than financial gain or espionage. The attack resulted in a week‑long downtime before the institution migrated its site to a more secure server, after which normal functionality was restored; internal systems were reported to have remained unaffected due to existing firewalls and routine intrusion monitoring. A joint investigation was launched by Moroccan national cybersecurity and data protection authorities, with preliminary findings concluding that the breach was confined to the homepage during a brief intrusion window. No details regarding malware families, initial access vectors, or specific tooling have been disclosed in the public reporting of this incident. Consequently, the profile of 1962 teams is presently defined solely by this isolated website defacement and the accompanying statements made by the actors.