Threat Intelligence Tarot
Vol. II · 106
Criminal (US-based, young adults)
★★★★★
risk 2/5
✦ The Unmasked ✦
ViLE
Vile group · USDoD adjacent
Law enforcement databases · Social media accounts · Cryptocurrency wallets · Individuals with valuable handles · Personal data brokers
Active since ~2021 · Doxing, Extortion, Status, Financial gain
The Unmasked strips away the face behind the badge and the name behind the handle, wearing stolen identities as trophies. It finds the most sensitive data precisely because it has no fear of crossing the line between civilian and law enforcement.
Tactics & Techniques
RCN · RDV · INI · EXC · PRS · PRV · EVA · CRD · DSC · LAT · COL · C2 · EXF · IMP
Notable Operations
- ◆ Accessing FBI CJIS law enforcement portal using stolen credentials
- ◆ Selling personal data pulled from government law enforcement systems
- ◆ High-value social media handle takeovers via credential attacks
- ◆ Extortion of individuals using doxed personal information
Defenses
- ▸ Law enforcement portal access via phishing-resistant MFA and device certificates only (CISA Zero Trust Maturity Model)
- ▸ Privileged access workstations for all access to sensitive law enforcement databases (CIS Control 6)
- ▸ User and entity behavior analytics monitoring for unusual data access patterns (NIST CSF: DE.AE)
- ▸ Social media account recovery hardening with backup codes stored offline (CIS Control 5)
Reversed: Their Weakness
Law enforcement database access hardened with phishing-resistant MFA and zero-trust architecture makes credential-based access impossible. Arrests of members in 2022 demonstrated that law enforcement visibility into hacker forums is a genuine deterrent.
Data sourced from MITRE ATT&CK. For educational purposes.