TwoNet’s Telegram cybercrime-service ads and doxxing of officials
Threat Actor Meta
Summary
TwoNet expanded its Telegram activity into cybercrime-service brokerage, advertising RaaS, hacker-for-hire, and SCADA access while also exposing intelligence and police personnel. That shift matters because it shows the group is monetizing access and intimidation beyond direct disruption. It also raises the risk that the actor can serve other criminals while extending pressure on critical infrastructure targets.
Related Happenings
TwoNet OT/ICS targeting campaign
Campaign
First: 09.10.2025 14:13
Last: 09.10.2025 14:13
Sources 1
How related:
A pro-Russian hacktivist group called TwoNet pivoted in less than a year from launching distributed denial-of-service (DDoS) attacks to targeting critical infrastructure.
About this happening:
The **TwoNet** hacktivist group has shifted from **DDoS** to **critical infrastructure targeting**, increasing the risk of disruptive **OT/ICS** attacks. In a **September** operat...
Japan passes Active Cyber Defense Law
Public Sector Action
First: 24.09.2025 03:00
Last: 24.09.2025 03:00
Sources 1
About this happening:
Japan passed the **Active Cyber Defense Law** in **May 2025**, giving the government new authority to **require incident reporting** and **intercept suspicious foreign Internet tr...
CISA-led joint cybersecurity advisory on PRC state-sponsored activity
Public Sector Action
First: 27.08.2025 15:00
Last: 27.08.2025 15:00
Sources 1
About this happening:
**CISA** coordinated with **NSA**, **FBI**, and international partners to release a **joint cybersecurity advisory** on **2025-08-27**. The guidance warns of a **deliberate and su...
Timeline
09.10.2025 14:13 2 articles · 7mo ago
TwoNet Telegram cybercrime brokerage and doxxing
Campaign Scope Update
TwoNet used its Telegram channel to advertise ransomware-as-a-service (RaaS), hacker-for-hire services, and initial access to SCADA systems in Poland while also publishing personal details of intelligence and police personnel. The channel activity shows a pro-Russian hacktivist group broadening beyond DDoS toward cybercrime brokerage and OT/ICS targeting of HMI or SCADA interfaces in enemy countries.
- Hacktivists target critical infrastructure, hit decoy plant — www.bleepingcomputer.com — 09.10.2025 14:13