313 Team

313 Team is an Iraq-based, Iran-aligned hacktivist group widely referred to as the Islamic Cyber Resistance in Iraq and described as an affiliate of the Cyber Islamic Resistance (CIR). The reporting portrays it as one of the most active actors in the 2026 Iran-related cyber conflict, including being identified as the single most active actor in one dataset with 222 incidents. It is described as part of a broader Iraqi militia-linked cyber proxy ecosystem aligned with the Axis of Resistance, alongside aliases and related labels including UniT 313, Unit 313, Gaza313, Islamic Cyber Resistance, and Islamic Cyber Resistance in Iraq. The group is primarily associated with disruptive operations, especially distributed denial-of-service (DDoS) attacks, but is also mentioned in connection with defacement and data leak operations. Multiple sources describe 313 Team as a central node in hacktivist coalitions, orchestrating simultaneous DDoS campaigns across GCC states and participating in the CIR Electronic Operations Room. Reported targeting includes Jordanian, Kuwaiti, and UAE government infrastructure; attacks claimed against jordan.gov.jo; coordinated assaults on 26 Kuwaiti government domains; and a coordinated DDoS campaign against 20 UAE government domains. The group publicly threatened Jordan, Saudi Arabia, the UAE, Kuwait, Israel, and the United States. Outside regional government targeting, 313 Team claimed responsibility for disruptive attacks against major public-facing platforms and companies including Ubuntu/Canonical, Bluesky, Truth Social, archive.org, eBay, and reportedly an Australian government authentication portal. In the Canonical incident, Canonical confirmed a sustained cross-border DDoS attack affecting Ubuntu.com and related services, while 313 Team claimed responsibility via Telegram and later demanded contact through a Session ID, which reporting assessed as a shift toward extortion. Reporting on Bluesky describes a sophisticated DDoS attack for which 313 Team claimed responsibility; Bluesky said it found no evidence of unauthorized access to private user data. The group is also described as claiming attacks on eBay US and Japan and on Truth Social. The content consistently characterizes 313 Team as pro-Iran, Iran-linked, or aligned with Iranian state interests, while also placing it operationally in Iraq and within the Islamic Cyber Resistance in Iraq branding. Several reports assess it as part of Iran’s broader proxy cyber ecosystem and note that its claims can be exaggerated or should be treated with caution.