Keymous+

Also known as: keymous, Keymous Plus, Keymous+

Keymous is a threat actor known for executing extensive DDoS attacks across multiple Arab countries, targeting government ministries and critical infrastructure. The group has claimed access to sensitive data, including over 300,000 records from Israel’s Ministry of Education, and has engaged in reconnaissance activities against various ministries in Bahrain and other nations. Keymous employs diverse infrastructure, including compromised IoT devices and DDoS-for-hire platforms, to amplify attack bandwidth. Their operations have been characterized by a focus on politically motivated cyberattacks, particularly in the context of regional conflicts.

Activities and Tactics

Information pending cataloguing.

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • CyberGate
  • Cyber Eye RAT
  • CrossRat

Attribution and Evidence

Information pending cataloguing.

References

References pending cataloguing.