SYLHET GANG-SG
Sylhet Gang-SG is a Bangladesh-based hacktivist group described in the content as part of the globally distributed pro-Iranian cyber ecosystem. It is repeatedly associated with pro-Iran and anti-Israel operations and is identified as one of the groups participating in the Cyber Islamic Resistance / Electronic Operations Room-aligned campaign during the 2026 Iran conflict. The group has also been described as a Southeast Asian collective and as operating from Bangladesh.
The content links Sylhet Gang-SG to disruptive operations, especially DDoS activity, against government, financial, media, and critical infrastructure targets. It is mentioned as collaborating with DieNet and Team Azrael during the May 2025 India-Pakistan standoff to target Indian government portals, and as one of the groups that targeted Indian government and financial sectors during that conflict. In that context, Sylhet Gang-SG claimed exfiltration of more than 247 GB of data from India’s National Informatics Centre and also claimed access to Andhra Pradesh High Court data; however, the supporting reporting assessed the NIC sample as largely public material and the Andhra Pradesh High Court data as mostly publicly accessible case metadata with some leaked password hashes.
The group was also listed among actors claiming attacks on Israeli resources, including national identity providers and e-government portals, and was specifically cited for a claimed attack on Siemens S7 PLCs in Tel Aviv and for disrupting the Tzofar Red Alert app and radio stations.
The content further states that Sylhet Gang-SG publicly declared allegiance to KillNet 2.0. It is also noted that DieNet was promoted on its launch day by Mr. Hamza and Sylhet Gang-SG, indicating propaganda or coalition support ties.
Known alias in the provided content: sylhet_gang_sg.
Targeting
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Where they're from
Attributed origin per open-source reporting.
- Bangladesh (BD)
Tradecraft
4 distinct techniques observed across reporting, grouped by tactic.
Recent activity
10 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Southeast Asian hacktivist collective using DieNet tooling to target Kuwaiti government infrastructure.
Named hacktivist group participating in the Iranian-aligned cyber campaign during the 2026 conflict.
Hacktivist group aligned with DieNet in operations against Indian government portals and part of DieNet’s broader support and amplification ecosystem.
Hacktivist group claiming attacks on Israeli government-related resources and associated with underground DDoS-for-hire activity.