GrayHAT Group: A Closer Look at M5TL and Their Tactics
The hacking group known as GrayHAT, led by a figure operating under the alias M5TL ("Mokhtal"), has drawn increasing attention in underground circles. Based on recent observations and technical patterns, here’s a breakdown of their notable behaviors:
Targeting Russian RAT Users
GrayHAT appears to focus heavily on Russian users—specifically those using popular remote access tools (RATs) like njRAT, DarkComet, and Quasar. This suggests a strategic or even retaliatory motive, potentially viewing Russian malware developers as direct competition in the cybercrime space.
Advanced Use of Reverse Connections
The group shows proficiency in setting up reverse shells, custom binders, and maintaining persistence on compromised systems. Their approach often exploits either vulnerabilities in the RAT tools themselves or human error through social engineering tactics.
"Mokhtal" – A Rising Name in Arabic Cyber Circles
The alias "Mokhtal" has become increasingly recognized across Arabic-speaking hacking forums, Telegram channels, and Discord servers. This rise in notoriety could be due to spam campaigns or the inclusion of his tag in malware binaries—leaving a clear digital fingerprint.
In essence, GrayHAT seems to operate like a one-man cyberwar unit, reducing competition by hijacking the very tools used by others, while building a distinct identity in the Arabic-speaking hacker scene.
anonmanhere•20h ago