Cyber Threat Actor: Avian
| Actor Type | Location | Known Incidents |
Activist
|
—
|
0 incidents |
|---|
Profile
Avian is an alias used by a threat actor that publicly claimed responsibility for defacing the official website of the Kathmandu Valley Town Development Committee in Nepal in August 2015. The same actors identified themselves as part of the Nepal Cyber Army in the message they left on the compromised site. No other names or aliases have been documented in the available sources.
The actors directed their actions toward Nepalese government institutions, specifically targeting a municipal website and asserting they had gained access to the server of the Department of Transportation. In their posted message they warned prominent political leaders that if certain strikes were not halted, personal bank details would be disclosed. This statement indicates a stated objective of exerting pressure on officials through the threat of releasing sensitive financial information, although no further motive is explicitly described in the source material.
The reported tactics involved website defacement and a claim of unauthorized server access, followed by the publication of a political warning on the compromised page. No specific malware families, exploit tools, or initial access vectors are mentioned in the article, so only the observed actions of altering web content and asserting server intrusion can be noted. The actors’ tooling style, as far as the source reveals, consisted of leaving a textual message rather than deploying code-based payloads.
Attribution claims made by the group link them to the Nepal Cyber Army, a collective they said they belonged to when announcing the hack. No public evidence or independent analysis has been provided in the source to confirm or refute this affiliation, and no state sponsorship or criminal consortium ties are described. Consequently, the only verifiable connection is the self‑declared association with the Nepal Cyber Army.
The most notable operation publicly attributed to Avian remains the August 2015 incident involving the Kathmandu Valley Town Development Committee website, the accompanying claim of Department of Transportation server access, and the directed warnings to Nepalese political figures. This episode stands as the sole documented activity for the actor in the available information.
