Menu
Browse

Cyber Threat Actor: RedCult

Actor Type Location Known Incidents
 Icon
Activist
4 incidents
Profile

RedCult is a hacktivist collective known primarily by its alias, which appeared in public reporting alongside the Anonymous operation #OpISIS in February 2015. The group’s identity is defined by its collaboration with Anonymous to disrupt the online presence of extremist organizations, specifically targeting the Islamic State’s recruitment and propaganda channels. RedCult’s role in that campaign involved working with Anonymous to identify, suspend, and expose social media accounts linked to terrorist activity, thereby contributing to a broader effort to curtail the extremist group’s ability to communicate and radicalize individuals online.

The collective’s typical targeting focuses on social media platforms such as Twitter, Facebook, and YouTube, where extremist content is disseminated for recruitment and propaganda. Its strategic objective, as evidenced by the #OpISIS operation, is disruption rather than financial gain or espionage, aiming to dismantle the digital infrastructure used by terrorist organizations to spread messages and coordinate activities. Reported tactics include the takedown of hundreds of accounts, the public release of lists of suspected profiles on platforms like Pastebin, and the identification of websites, emails, and other online assets associated with the target for subsequent removal or exposure. No specific malware families, initial access vectors, or proprietary tools are described in the available sources, so the TTP characterization is limited to account suspension, information disclosure, and asset targeting derived from the campaign’s public disclosures.

Attribution information for RedCult remains tied to its cooperative relationship with Anonymous; no state sponsorship, criminal consortium, or independent affiliations are explicitly stated in the provided material. The most significant publicly reported operation involving RedCult is the #OpISIS campaign of February 2015, during which the group participated in a coordinated effort to remove extremist content, expose recruiter accounts, and declare ongoing intent to disrupt the terrorist organization’s online infrastructure. This operation represents the primary evidence of RedCult’s activity and objectives as documented in open‑source reporting.

Incidents
Attributed incidents available to members
4 incidents
Sources
Sources available to members
0 sources