Trinity is a pro-Ukrainian hacktivist group identified in the content as part of the Ukrainian Cyber Alliance, a volunteer coalition composed of CyberHunta, Falcons Flame, Trinity, and RUH8. The alliance is described as declaring the Kremlin its enemy and aiming to expose Russian meddling in Ukraine. Trinity is mentioned as working with CyberJunta/CyberHunta, FalconsFlame, and RUH8. Operations directly attributed to Trinity in the content include joint hacks and defacements with Falcons Flame against nine websites associated with the self-proclaimed Donetsk People's Republic and alleged private Russian military companies linked to Russia's FSB, as well as attacks on about a dozen separatist websites. Trinity also participated with FalconsFlame and CyberHunta activists in an operation against Crimean websites that caused altered statements to appear on those sites. The broader coalition context in the content links the Ukrainian Cyber Alliance to the leak of purported emails and documents from Kremlin aide Vladislav Surkov, which allegedly exposed Kremlin coordination with separatists and plans to destabilize Ukraine. The content also states that the alliance used methods including spear-phishing and malware, and that the Surkov compromise was claimed to have been achieved by CyberHunta using malware or 'special software.' High-confidence aliases and associated groups mentioned in the content are Trinity, Falcons Flame/FalconsFlame, RUH8, CyberHunta/CyberJunta, and the Ukrainian Cyber Alliance.
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Sectors the actor has been observed targeting.
Geographies tied to known operations.
3 distinct techniques observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.
3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Ukrainian hacktivist group within the Ukrainian Cyber Alliance involved in hacking and defacing separatist and Russian-linked websites.
Named as a hacker group working with CyberJunta in the Surkov document leak operation.
Participated in website compromise/defacement operations against Crimean and separatist websites, including posting political statements and messages.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.