Lizard Squad
Lizard Squad was a high-visibility hacking collective, active primarily around 2014–2016, that the source reporting repeatedly describes as conducting disruptive distributed denial-of-service (DDoS) attacks, especially against gaming-related targets. The group is known for the Christmas Day 2014 attacks that overwhelmed Microsoft Xbox Live and Sony PlayStation Network. It was also reported as disrupting Blizzard Battle.net and targeting online gaming services including World of Warcraft and League of Legends.

The reporting also attributes to Lizard Squad the compromise and defacement of the Malaysia Airlines website, where the group branded itself as the "Official Cyber Caliphate," and notes that the extent of any link to Islamic State was unclear. In one gaming-related incident, the group publicly claimed on Twitter that a flight carrying Sony Online Entertainment president John Smedley had explosives on board, prompting a diversion.

The reporting further states that Lizard Squad created and operated the DDoS-for-hire service "Lizard Stresser" in January 2015, and more broadly describes the group as helping pioneer the "DDoS-for-hire" model.

Lizard Squad used the Darkode cybercrime forum, and multiple members were later arrested or identified in reporting and prosecutions, including Julius Kivimäki, also known as Zeekill and Ransom_man, described as a key former member; David "Abdilo" Crees; Zachary Buchta; and Bradley Jan Willem Van Rooy. Some law-enforcement reporting also links the group to PoodleCorp.

Tactics and behavior directly mentioned in the reporting include DDoS attacks, website compromise and defacement, online harassment and threats, and operation of booter/stresser infrastructure.
Targeting
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Who they target
Sectors the actor has been observed targeting.
- Software & Services
Tradecraft
3 distinct techniques observed across reporting, grouped by tactic.
Observables
1 indicator attributed to this actor: domains, IPs, hashes, and other artifacts pulled from reporting.
Recent activity
14 sources tracked across advisories, community write-ups, and news.
- Teenage hacker group discussed for its 2014 DDoS attack against Xbox and PlayStation and as part of the broader evolution of youth cybercrime gangs.
- Operated the "Lizard Stresser" DDoS-for-hire service used to launch attacks against online targets.
- Cybercrime group known for distributed denial-of-service (DDoS) attacks against high-profile online services (e.g., gaming networks).
- DDoS-focused cybercrime group known for high-profile service disruption attacks (e.g., Xbox Live and PlayStation Network).