Ghost Princess is a pro-Iranian, anti-Israeli hacktivist persona active in the Middle East cyber conflict ecosystem. The actor is also referenced as ghostprincess and ghost_princess, and has been associated with the label TheGhostsITM in operational and propaganda contexts. Activity attributed to this actor has centered on support for anti-Israel campaigns, including amplification of coordinated influence operations such as #OpIsrael and claimed cyber operations against Israeli military, defense-adjacent, and utility targets. Observed behavior places Ghost Princess within the broader cluster of ideologically motivated hacktivist groups that surged during periods of Iran-Israel escalation. Reported operations and claims align with common hacktivist tradecraft in the region: distributed denial-of-service activity, website defacement, opportunistic intrusion claims, and information operations designed to magnify perceived impact and shape public narratives. The actor has also been described as coordinating messaging across Gulf Cooperation Council states, indicating a role not only in disruptive cyber activity but also in cross-platform propaganda and mobilization. Ghost Princess has been listed among pro-Iranian groups active during the June 2025 Iran-Israel cyber escalation, when numerous hacktivist collectives targeted Israeli government, military, and critical infrastructure entities. The actor was also identified among groups claiming activity during the late February to early March 2026 escalation involving Israel, Iran, the United States, and regional spillover. In that period, hacktivist operations across the ecosystem were dominated by DDoS, defacement, and alleged breach activity against government, financial, aviation, telecommunications, and critical-infrastructure organizations. Available information supports characterizing Ghost Princess primarily as a politically motivated hacktivist actor rather than a confirmed state-directed advanced persistent threat. Although it operates in an environment where Iranian state interests, proxy actors, and aligned online influence networks often overlap, high-confidence public evidence tying Ghost Princess directly to Iranian government command structures is not currently available. Its significance lies in its participation in coordinated anti-Israel cyber and influence campaigns, especially during periods of heightened regional conflict.
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Hacktivist persona/group amplifying #OpIsrael messaging, coordinating narratives across GCC states, and promoting threats against Israeli utilities and defense-adjacent entities.
Targets Israeli military and defense systems with information warfare and cyberattacks.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.