Milw0rm
Milw0rm is a hacking group referenced in content about 1990s-era hacking groups and in reporting on politically motivated website defacements in 1998. The content links the group to a British hacker known as JF and states that a protest webpage used in a mass defacement of more than 300 websites bore the Milw0rm logo. In that incident, the attackers replaced homepages with a mushroom cloud image and an anti-nuclear declaration after exploiting weaknesses in EasySpace hosting infrastructure. The reporting characterized the activity as politically motivated anti-nuclear hacking rather than security research. The content also states that Milw0rm had previously claimed responsibility for stealing email and deleting web servers at the Bhabha Atomic Research Centre in Bombay, India, in the context of India-Pakistan nuclear tensions. The group is also listed in a Wikipedia navigational template of hacking groups associated with the 1990s. No nation-state attribution is provided in the content.
Tradecraft
3 distinct techniques observed across reporting, grouped by tactic.
Recent activity
6 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Referenced as a named hacking group in the historical timeline/navigation content.
Named hacking group listed in the content's 1990s timeline/navigation material.
Named as a hacking group in a 1990s hacking timeline/sidebar; no specific operations, malware use, or targeting details are provided in the content.
Hacktivist group tied to JF that conducted anti-nuclear politically motivated intrusions, including mass website defacements and attacks on India's atomic research center.