Menu
Browse

Cyber Threat Actor: 1962 teams

Aliases: 2 aliases
Actor Type Location Known Incidents
 Icon
Activist
Algeria
1 incident
Profile

The threat actor is publicly known by the aliases 1962 teams and Yanbian Gang. Open‑source reporting associates the group with Algerian hacker activity and notes that the actors operate from Algeria. The aliases appear in claim‑of‑responsibility statements for cyber incidents. No further information about the group's organizational structure, size, or funding is provided in the source material. The group's location is the only geographic detail that has been explicitly stated.

On 23 December 2022, the group defaced the website of the Bibliothèque nationale du Royaume du Maroc, the national library of Morocco. During the defacement they displayed the Algerian flag and posted a message that asserted they had gained access to the agricultural ministry's servers and six interior ministry databases. The message also declared that the alleged data would not be leaked and that the action was intended to warn Moroccan hacking groups to cease targeting Algerian entities. After the defacement, the library's website was taken offline for approximately one week while it was moved to a more secure server environment. Once the migration was completed, the site was restored and reported as fully operational. The library confirmed that its internal networks remained unaffected because existing firewalls and daily intrusion monitoring prevented deeper penetration. A joint investigation was launched by Moroccan national cybersecurity and data protection authorities to identify the perpetrators. Preliminary findings from that investigation indicated that the breach was confined to the homepage and lasted only a brief intrusion period. No evidence of data exfiltration, persistence, or lateral movement was reported in the public accounts. The incident was covered in an open‑source news article that described the attackers as Algerian hackers identifying as 1962 teams.

The tactics observed in this incident are limited to website defacement, a method that does not involve malware families or advanced tooling as described in the reporting. Attribution to Algerian hackers rests on the group's self‑identification and the geographic location noted in open sources. Aside from this single publicly reported operation, no additional campaigns or attributed activities are documented for 1962 teams or Yanbian Gang in the available material. Consequently, the profile is based solely on the confirmed facts presented in the source. No further details about the group's capabilities, motivations, or future intentions can be derived from the information provided.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources