Cyber Threat Actor: Jordan-based Group
| Actor Type | Location | Known Incidents |
Activist
|
Jordan
|
1 incident |
|---|
Profile
Jordan-based Group is the alias used to refer to a threat actor that has been linked to cyber operations originating from Jordan. The actor’s location is noted as Jordan, and it became publicly known through a series of incidents reported in October 2023. These incidents occurred amid a broader wave of cyber activity targeting Israeli entities during a period of heightened hostilities, with more than forty groups reportedly involved in various disruptive actions. The group’s activities were highlighted by the compromise of digital billboards in Israel and a breach of an academic institution in the Tel Aviv area.
The actor’s targeting appears focused on Israeli infrastructure, specifically digital billboards and educational institutions, as evidenced by the reported incidents. The strategic objectives described in the open sources emphasize psychological impact and fear rather than extensive physical damage or financial gain. The group sought to alter public messaging and expose personal data to create a sense of vulnerability among the population. No explicit mention of financial motivation, espionage, or profit‑making activities is present in the provided information.
Observed tactics, techniques, and procedures include the defacement of digital billboards to display pro‑Hamas imagery and the unauthorized intrusion into an academic network that resulted in the exfiltration of personal records belonging to approximately 250,000 students and staff. The incidents involved digital intrusions designed to provoke fear and disrupt normal operations, with the affected institution subsequently collaborating with national cybersecurity authorities to mitigate the impact. No specific malware families, initial access vectors, or tooling styles are detailed in the source material, so those aspects are not included here.
Attribution to the Jordan-based Group is based solely on the alias and the geographic association with Jordan; no public statements have established a direct state nexus, criminal consortium affiliation, or sponsorship. The actor remains identified only by the name used in the reporting of the October 2023 events, and further links to other threat clusters are not evident from the available information.
The most notable publicly reported operation attributed to this actor took place on October 9, 2023, when digital billboards in Israel were briefly hijacked to show pro‑Hamas messages and simultaneously a Tel Aviv‑area academic institution suffered a data breach affecting a quarter of a million individuals. This combined action illustrates the group’s focus on using cyber means to achieve psychological disruption during a period of regional tension. The incident prompted a response from Israeli cybersecurity authorities and contributed to the broader narrative of cyber activity aimed at influencing public perception rather than causing prolonged technical outages.
