Mapping Attacks by TEAM FEARLESS
team fearless
  • Table of contents

The author

user_image
Gemma Goldstein
Marketing Manager
Share on LinkedIn

I love to get stuck in and let the creative juices flow. My strengths lie in idea generation, development and execution. Over 5 years experience in B2B cybersecurity. I reign supreme when my imagination and creativity can run wild.

Table of contents

Related Articles

The Great NPM Heist – September 2025
Threat Intelligence

The Great NPM Heist – September 2025

The Sept 2025 npm breach: 18+ packages, 2B+ weekly downloads, and crypto-stealing malware. We break...
Sep 10, 2025
Learn more
DarkComert RAT
Threat Intelligence

Decoding DarkComet’s (RAT) Shadow

Meet the RAT DarkComet. See its TTPs, some of its IOCs and more
Jun 12, 2025
Learn more
Threat Intelligence

Mapping Attacks by TEAM FEARLESS

Jul 8, 2025

TEAM FEARLESS, also known as 𝙏𝙀𝘼𝙈 𝙁𝙀𝘼𝙍𝙇𝙀𝙎𝙎 🇵🇸, is a hacktivist group active in various cyber operations. Their activities are motivated by political and ideological beliefs, primarily in support of Palestine, and they have notably targeted organizations and government entities associated with Israel.

The group primarily conducts Distributed Denial of Service (DDoS) attacks and has claimed responsibility for disrupting services of various organizations. TEAM FEARLESS also forwards messages from other hacktivist channels, such as NoName057(16), and has shown support for actions related to the conflict in Ukraine.

As of early July, their Telegram channel has 977 members. Over the last two months, the group has been very active, with various attacks, targeted corporations, and announcements shared by the group’s administrators.

Targeted Victims

TEAM FEARLESS has consistently targeted organizations in specific sectors and regions:

  • Government: Notable attacks include the a Ukranian City Council and various Israeli government websites.
  • Transportation: Notable attacks include multiple airports in the United States, including Miami International Airport and San Francisco International Airport.
  • Telecommunications: The group has also attacked a major telecommunications company in Vietnam.
  • Mining: A Ukrainian metallurgical company was targeted in their operations.

Regions affected by their attacks include:

  • Ukraine: Multiple incidents targeting governmental and municipal websites.
  • United States: Attacks on airports and various governmental organizations.
  • Israel: A significant focus of their operations, particularly during the ongoing Israel-Iran conflict.
  • Vietnam: Targeting local government and educational institutions.
TEAM FEARLESS Vietnam Attack

 

 

TEAM FEARLESS Israeli Attack

Tactics, Techniques, and Procedures (TTPs)

TEAM FEARLESS employs various tactics and techniques, primarily focusing on DDoS attacks to achieve its objectives of disruption and protest. Key attack patterns observed include:

  • DDoS (Distributed Denial of Service):
    • This is the primary method utilized by TEAM FEARLESS to disrupt services and render online resources unavailable. They achieve this by overwhelming target servers with a flood of illegitimate traffic, often originating from a network of compromised devices (a botnet) or through amplification techniques that bounce traffic off legitimate servers.
    • They have successfully executed DDoS attacks against numerous high-profile targets, including government websites and critical infrastructure. The impact of these attacks can range from temporary service outages, leading to reputational damage for the targeted organization, to significant financial losses due to operational downtime and recovery efforts.
    • Their ability to successfully target diverse and often well-protected entities highlights their access to sufficient resources, whether through their own infrastructure or rented botnet services.
  • Credential Dumping:
    • In some instances, TEAM FEARLESS has engaged in credential dumping, where they acquire and then leak sensitive authentication data. This activity suggests a capability beyond mere service disruption, indicating they may gain unauthorized access to systems to extract information.
    • Credential dumping can involve exploiting vulnerabilities in compromised systems or leveraging previously leaked data available on dark web forums.
    • Once obtained, these credentials can enable further unauthorized access to accounts, networks, and sensitive databases, potentially leading to data breaches or providing initial access points that could be sold to other malicious actors.
    • The act of leaking these credentials also serves their hacktivist agenda by exposing perceived vulnerabilities and embarrassing targeted organizations.
  • Web Application Attacks:
    • The operations carried out by TEAM FEARLESS also indicate an ability to exploit vulnerabilities present in web applications. These attacks aim to compromise the functionality or data integrity of websites and web-based services.
    • Common web application vulnerabilities that groups like TEAM FEARLESS might leverage include SQL injection, cross-site scripting (XSS), or insecure direct object references. Successful web application attacks can lead to various outcomes, such as website defacement, data theft from databases connected to the application, or even gaining control over administrative interfaces, leading to further service disruptions or unauthorized actions.
    • This demonstrates a more technical proficiency than simple volumetric DDoS attacks, allowing for targeted impact beyond mere denial of service.
team fearless Ukrainian Attack

Origins and Community Presence

TEAM FEARLESS has actively established alliances with other hacktivist groups, such as CyberVolk and YOGJASEC-XTEAM. These collaborations are a strategic move to enhance their operational capabilities, pooling resources and expertise, and thereby expanding their collective reach and impact.

The existence of such alliances signifies a broader, interconnected ecosystem within the hacktivist community, where groups can leverage each other’s strengths for larger-scale cyber operations. These partnerships are often publicized through their communication channels, which serves to emphasize a united front in their cyber operations, bolstering their perceived strength and deterrent capability.

The group maintains a robust and active presence across various communication platforms, particulaly Telegram. This platform serves as a central hub where they share real-time updates on their ongoing operations, coordinate upcoming attacks with their members and affiliates, and extensively promote their political and ideological beliefs to a wider audience.

They actively utilize specific channels, such as HackNet, for disseminating information and engaging with their followers. Their activity extends beyond Telegram, with a presence on other social media platforms and online forums.

This multi-platform engagement indicates a structured and deliberate approach to recruitment, seeking to attract new members and sympathizers who align with their causes. By leveraging their claimed cyber activities, they foster community engagement and build support for their ideological stance, which is crucial for sustaining their operations and influencing public perception.

Their consistent presence and engagement efforts highlight their focus not only on technical execution but also on maintaining and growing their activist base.

Learn About Cyberint Threat Intelligence

To learn more about how our threat intelligence research helps protect businesses against ransomware and other risks, request a demo.

TTPs

Tactic Technique
Reconnaissance T1593.001 – Social Media
Command and Control T1102.002 – Bidirectional Communication
Impact T1496 – Resource Hijacking
Impact T1498.002 – Reflection Amplification
Impact T1499.001 – OS Exhaustion Flood
Impact T1498 – Network Denial of Service

Uncover your compromised credentials from the deep and dark web

Fill in your business email to start