{ "id": "0e0ee9fa-7017-49b2-9dce-1823369af826", "created_at": "2026-04-06T00:13:09.375177Z", "updated_at": "2026-04-10T13:11:24.807273Z", "deleted_at": null, "sha1_hash": "2c637562528048929d1100471b6976cff7a4f8ef", "title": "Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 94209, "plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 20:48:11 UTC\r\n Other threat group: OurMine\r\nNames\r\nOurMine (real name)\r\nATK 128 (Thales)\r\nTAG-HA10 (Recorded Future)\r\nCountry Saudi Arabia\r\nMotivation Financial gain\r\nFirst seen 2016\r\nDescription\r\nOurMine is known for celebrity internet accounts, often causing cyber vandalism, to\r\nadvertise their commercial services.\r\n(Trend Micro) In light of the recent report detailing its willingness to pay\r\nUS$250,000 in exchange for the 1.5 terabytes’ worth of data swiped by hackers from\r\nits servers, HBO finds itself dealing with yet another security breach.\r\nKnown for hijacking prominent social media accounts, the self-styled white hat\r\nhacking group OurMine took over a number of verified Twitter and Facebook\r\naccounts belonging to the cable network. These include accounts for HBO shows,\r\nsuch as “Game of Thrones,” “Girls,” and “Ballers.”\r\nThis is not the first time that OurMine has claimed responsibility for hacking high-profile social networking accounts. Last year, the group victimized Marvel, The New\r\nYork Times, and even the heads of some of the biggest technology companies in the\r\nworld. Mark Zuckerberg, Jack Dorsey, Sundar Pichai, and Daniel Ek — the CEOs of\r\nFacebook, Twitter, Google and Spotify, respectively — have also fallen victim to the\r\nhackers, dispelling the notion that a career in software and technology exempts one\r\nfrom being compromised.\r\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=cb1c375a-56b6-433e-98d5-cbc7f57fe71e\r\nPage 1 of 3\n\nObserved\nSectors: Casinos and Gambling, High-Tech, Media, Telecommunications.\nCountries: UK, USA.\nTools used\nOperations performed\nOct 2016\nBuzzFeed hacked by OurMine after it claimed to unmask one of its\nmembers\nDec 2016\nBreach of Netflix and Marvel Twitter accounts\nDec 2016\nBreach of Nat Geo Photography’s Twitter account\nJan 2017\nBreach of several Twitter accounts affiliated with WWE, including\nthose of WWE Universe, WWE NXT, wrestler and celebrity John\nCena, WrestleMania, WWE Network and Summer Slam\nApr 2017\nBreach of several Medium blogs\nAug 2017\nGame of Thrones secrets revealed as HBO Twitter accounts hacked\nAug 2017\nBreach of VEVO\nVevo, the joint venture between Universal Music Group, Sony Music\nEntertainment, Abu Dhabi Media, Warner Music Group, and Alphabet\nInc. (Google’s parent company), was just hacked. Roughly 3.12TB\nworth of internal files have been posted online, and a couple of the\ndocuments reviewed by Gizmodo appear sensitive.\nAug 2017\nBreach of PlayStation social media accounts\nAug 2017\nBreach of Twitter accounts of FC Barcelona and Real Madrid\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=cb1c375a-56b6-433e-98d5-cbc7f57fe71e\nPage 2 of 3\n\nSep 2017\nBreach of DNS records of WikiLeaks\nJan 2020\nOurMine crew hijacks social media accounts for the NFL, the 49ers,\nCardinals, Bears, Bills, Broncos, Browns, Bucs, Cowboys, Colts,\nChiefs, Eagles, Giants, Packers, Texans, and Vikings.\nFeb 2020\nBreach of Facebook's Twitter, Instragram, Messenger's Twitter and\nMessenger's Instagram accounts\nFeb 2020\nBreach of the official Twitter accounts of FC Barcelona, the Olympics\nand the International Olympic Committee (IOC)\nInformation\nLast change to this card: 09 December 2021\nDownload this actor card in PDF or JSON format\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=cb1c375a-56b6-433e-98d5-cbc7f57fe71e\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=cb1c375a-56b6-433e-98d5-cbc7f57fe71e\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://apt.etda.or.th/cgi-bin/showcard.cgi?u=cb1c375a-56b6-433e-98d5-cbc7f57fe71e" ], "report_names": [ "showcard.cgi?u=cb1c375a-56b6-433e-98d5-cbc7f57fe71e" ], "threat_actors": [ { "id": "e4ccfe5c-4d77-4503-bf1c-36076dbd78d0", "created_at": "2022-10-25T16:07:24.522697Z", "updated_at": "2026-04-10T02:00:05.02215Z", "deleted_at": null, "main_name": "OurMine", "aliases": [ "ATK 128", "TAG-HA10" ], "source_name": "ETDA:OurMine", "tools": [], "source_id": "ETDA", "reports": null }, { "id": "74f1da67-5bc9-49ee-ba8e-b7e8b452a2c2", "created_at": "2023-01-06T13:46:39.021238Z", "updated_at": "2026-04-10T02:00:03.183989Z", "deleted_at": null, "main_name": "OurMine", "aliases": [], "source_name": "MISPGALAXY:OurMine", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434389, "ts_updated_at": 1775826684, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/2c637562528048929d1100471b6976cff7a4f8ef.pdf", "text": "https://archive.orkl.eu/2c637562528048929d1100471b6976cff7a4f8ef.txt", "img": "https://archive.orkl.eu/2c637562528048929d1100471b6976cff7a4f8ef.jpg" } }