Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to threat actors
🇧🇩 BD

BD Anonymous

Also known asbd_anonymous

BD Anonymous is a Bangladeshi hacktivist group. The provided reporting places it among globally distributed pro-Iran and pro-Palestinian hacktivist actors, and also lists it among pro-Kremlin hacktivist groups in Olympics-related targeting. Reported activity consists primarily of claimed disruptive and propaganda-oriented operations, especially DDoS, along with doxxing/data exposure claims. Specifically, the content states that BD Anonymous previously targeted South Korean entities alongside Hider_Nex under #OpSouthKorea, claimed a direct attack against South Korea’s mnd.go.kr on March 19, and claimed a DDoS attack against interpol.int on March 25 framed around the ICC arrest warrant for Netanyahu. The content also states that BD Anonymous collected data and doxxed Netanyahu and other Israeli data, and that it was listed alongside AnonGhost and BABAYO EROR SYSTEM in simultaneous targeting of Israel and the United States. Known alias in the provided content: bd_anonymous.

Share:
Are they targeting you?

Know when an actor pivots toward your sector

Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.

Start free trial
OPERATIONAL PROFILE

Targeting

Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.

Who they target

Sectors the actor has been observed targeting.

  • Government & Administration
  • Military

Where they target

Geographies tied to known operations.

  • 🇰🇷 South Korea

Where they're from

Attributed origin per open-source reporting.

  • BD
MITRE ATT&CK

Tradecraft

1 distinct technique observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.

1 of 15 tactics1 techniques×N= number of intelligence reports citing this technique
MITRE ATT&CK
TA0040
Impact
1 technique
T1498×2
Network Denial of Service
IOCS

Observables

2 indicators attributed to this actor: domains, IPs, hashes, and other artifacts pulled from reporting. View more in app.

2 IOCsView more in app

IOC values are gated. View more in Mallory for domains, IPs, hashes, and other artifacts, or pipe them straight into your SIEM.

ACTIVITY FEED

Recent activity

5 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

5 SOURCESView more in app
socradar blogNews
Mar 10, 2026
Telegram Hacktivist Activity Timeline of Iran - Israel & US War

Messaging-heavy Bangladeshi hacktivist group conducting DDoS attacks against symbolic international and South Korean targets framed around Palestine and anti-Western narratives.

Read more
falconfeeds blogNews
Mar 4, 2026
FalconFeeds.io Blog | Latest Cyber Threat Intelligence & Security Insights

Pro-Iran hacktivist group operating from Bangladesh as part of Iran’s globalized recruitment ecosystem.

Read more
zendata cybersecurity blogNews
Mar 2, 2026
Cyber Warfare in the US-Israel vs Iran Conflict (Roaring Lion & Epic Fury) - ZENDATA Cybersecurity

Hacktivist group cited making targeting declarations against Israel and the US during the surge; no specific tooling described.

Read more
risky biz rssNews
Feb 13, 2026
IcedID malware developer fakes his own death to escape the FBI

Pro-Kremlin hacktivist group involved in DDoS activity targeting Italian Olympics-related sites.

Read more
+1 more in the timeline
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: sector and geo overlap with your footprint, the IOCs they’re burning right now, detection coverage, and what to do next.
Start free trial
Target overlap

Match sector + geo + tech-stack targeting against your real footprint.

Tradecraft mapping1

Every observed MITRE ATT&CK technique, grouped by tactic.

Malware arsenal

Families this actor is known to deploy, with IOCs and behavior.

Exploited CVEs

CVEs this actor has used in known campaigns.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Observables2

Domains, IPs, and hashes tied to this actor, refreshed continuously.