Keymous+ Hacker Group Claims 700+ DDoS Attacks Around The Globe

A hacktivist collective known as Keymous+ has emerged as a significant threat actor in the global cybersecurity landscape, claiming responsibility for over 700 distributed denial-of-service (DDoS) attacks throughout 2025.

The group, which identifies itself as “North African hackers,” has been actively targeting organizations across Europe, North Africa, the Middle East, and parts of Asia since late 2023, with their operations gaining substantial momentum in recent months.

The group’s attack strategy demonstrates a concerning lack of ideological consistency, targeting diverse sectors including government websites, telecommunications providers, financial platforms, educational institutions, and manufacturing infrastructure.

Their victims span multiple countries, with India (10.7%), France (10.3%), and Morocco (8.61%) representing the most heavily targeted nations. Government entities comprise 27.6% of their targets, making them the primary focus of Keymous+ operations.

Radware analysts identified the group’s dual operational structure, consisting of an “Alpha Team” responsible for data breaches and leaks, which is currently inactive, and a “Beta Team” focused exclusively on DDoS operations.

This organizational framework suggests a sophisticated approach to cyber warfare, allowing the group to specialize in different attack methodologies while maintaining operational security.

The group’s commercial connections raise significant questions about their true nature as hacktivists.

Evidence suggests Keymous+ operates or maintains close affiliations with EliteStress, a commercial DDoS-for-hire service offering attack capabilities ranging from €5 per day to €600 per month.

This platform provides access to various attack vectors including DNS amplification, UDP floods, HTTP/2 attacks, and spoofed SSH traffic.

Technical Infrastructure and Attack Methodology

The technical sophistication of Keymous+ operations extends beyond traditional hacktivist capabilities.

Their EliteStress platform features a comprehensive attack panel offering multiple vectors designed to bypass modern DDoS protection systems.

The service includes DNS amplification attacks that leverage public DNS servers to amplify traffic volumes, UDP flood attacks targeting specific ports and protocols, and advanced HTTP/2 flood techniques that can overwhelm web servers with legitimate-looking requests.

The group’s attack methodology incorporates both volumetric and application-layer techniques, with their platform supporting concurrent attacks across multiple global endpoints.

Their infrastructure demonstrates the evolution of modern DDoS-as-a-Service operations, blending hacktivist messaging with commercial cybercrime infrastructure.

Investigate live malware behavior, trace every step of an attack, and make faster, smarter security decisions -> Try ANY.RUN now