Menu
Browse

Cyber Threat Actor: Libyan Cyber Army

Actor Type Location Known Incidents
 Icon
Activist
Libya
1 incident
Profile

The Libyan Cyber Army is a threat actor known by that alias and has been associated with operations originating from Libya. The group first came to public attention through website defacement activities. No other names or aliases have been reported in open sources. Their geographic base is identified as Libya, though no further detail about infrastructure is available.

The actor has targeted government websites in Egypt and Libya, as well as privately owned Israeli online properties. These targets span the public sector and private sector, indicating a focus on accessible web assets. The observed activity consists of defacing the compromised sites with political symbols and messages. No evidence of data theft, financial fraud, or malware deployment has been linked to the group in reported incidents.

The most cited incident occurred on April 28, 2014, when the Egyptian Ministry of Information’s website was altered to display a Libyan flag and the statement 'Hacked by the Great Team'. At the time of the defacement, the actors did not provide a clear motive for the action. The same source notes that the Libyan Cyber Army had previously conducted similar actions against Libyan government sites and Israeli private websites. This pattern suggests a repeated use of website defacement as a primary method of intrusion.

Public reporting does not associate the Libyan Cyber Army with any state sponsor, criminal consortium, or ideological movement. Attribution remains limited to the self‑identified moniker used during the defacements. No technical details such as malware families, exploit kits, or command‑and‑control infrastructure have been disclosed. Consequently, the group’s tooling style and initial access vectors are unknown from open sources.

Because the available information is limited to a handful of defacement events, any assessment of broader campaigns or strategic objectives would be speculative. The actor’s known activity is confined to website alteration without accompanying data exfiltration or persistent access. Future tracking of the Libyan Cyber Army would require additional observed incidents or technical disclosures. Until more information emerges, the profile remains based solely on the publicly reported defacements described above.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources