Unveiling DeltaBoys : Interview about their Past and Motivation.

Published On : 2023-06-09
Share :
Unveiling DeltaBoys : Interview about their Past and Motivation.


Recently CYFIRMA published a report on the new threat actor group DeltaBoys. In a follow-up, we were able to get in touch with “Anony”, representing the group and asked some questions to clarify their motivation and learn more about the people behind the veil.

Please note: this interview wasn’t conducted in real time, and out of courtesy, we are presenting answers as they were sent. English is not their native language, and any corrections could result in misinterpretation.


CYFIRMA: Just to confirm, what should we call you and your group?


  • We in the past.
  • We were a big group.
  • But now we are separated, and it was my decision.
  • My Group Name, its “deltaboys”, but my name its hidden and everyone called me “anony”. My old name was hidden forever.

CYFIRMA: Before we go ahead, why are you talking to us?

DeltaBoys: We were interested in communicating with the media directly, we are people, and we are interested in communication.

CYFIRMA: To properly introduce you, how would you describe yourself in terms of business? (Access Broker, Traffer, etc.)

DeltaBoys: We are an old group and for some time our activities were confined to the underground space, but a year ago we started activities under the new name DeltaBoys.

We infiltrate government organizations and bodies and publish their information.

CYFIRMA: There was a recent article about you published, can you explain what or how that article made you feel/affected your operations?

DeltaBoys: We are secretive, but when news of our actions is published, it is attractive to us, it gives us a good feeling and increases the power of our attacks.

CYFIRMA: What is your speciality or true passion in technical terms?

DeltaBoys: For nearly 20 years, we have specialized in the field of penetration and vulnerability detection.

CYFIRMA: Tell us about your origins. How did you get into hacking? When did your crew emerge, and what truly fuels your activities? We want to understand the motivations and objectives that drive your actions.

DeltaBoys: At the beginning, most of our goals were based on exposing corrupt governments, corruption and government crimes against people torment us, when we were able to make people happy with our performance, we did it with more interest.

CYFIRMA: Have you ever collaborated with other groups? We’re curious if you have formed any affiliations or alliances. If you can’t tell specific names, just generic answer is good too.

DeltaBoys: Yes, we worked with many groups, but the rules of our group were not compatible with other groups, unfortunately most of the famous groups are affiliated with security organizations at the same time.
It is interesting to know that most hacker groups were our victims and we obtained and published a lot of information from them.

CYFIRMA: Let’s talk about targets. Who has been in the crosshairs of DeltaBoys, particularly when it comes to Israeli infrastructure? We’re interested in the ideological reasons behind some of your selective attacks.

DeltaBoys: The Israeli government is a spy.
It has killed many innocent people all over the world and it is natural for us to enjoy the Hacking and disclosure of their information. So far, many cyber groups from the country of Israel were our target and we noticed their information and operational weakness, their goal is mostly to the work of hackers is with financial control

CYFIRMA: We’ve observed growth in web defacement attacks in particular, can you share the drive behind that? Did your group get more members or is it increased sophistication of your methods and tactics? We are curious to learn as much as you can share.

DeltaBoys: We are a small but secret group.
Some of our intrusions are after checking the information of an organization, we are aware of the documents and emails related to them, and we take action to release the information at a critical time. Our people collect sensitive information daily. Public hacks are related to our old targets.

CYFIRMA: How do you identify targets? Can you share some insights into the process and/or vulnerabilities that catch your attention and make you say, “This one’s worth a hit!”

DeltaBoys: We have a vulnerability testing lab.
And we identify the latest vulnerabilities and release them to VIP members, after using them to the fullest. We identify government targets through members and the level of corruption.

We also hack ordinary people for fun, if they see fraud and corruption. For example, a financial exchange was committing fraud and we destroyed the person’s business, emailed his confidential documents to all customers, and donated a significant amount from his account to a global charity organization.

CYFIRMA: Can you share some of your tactics with us? What distinctive methods and techniques do you employ that set you apart from other threat actor groups?

DeltaBoys: We cannot publish our work method.
But we get the most results by using zero-day vulnerabilities and human error attacks.
For example, a security organization consists of 3000 employees, it is enough for one employee to make a human error and we gain access to the entire organization.
Emails, passwords, VPNs, files, virtual networks, social networks can all be targets for a broader hack.

CYFIRMA: You are known for offering private hacker training sessions and access to 0-day vulnerabilities. Tell us about these training sessions and if you can, also about getting these 0-days?

DeltaBoys: We train hackers according to our rules.
Vulnerabilities and penetration methods are not the only thing we teach people.
We teach them patience, tolerance and “accurate search”, because the most important factor in turning a normal person into a hacker, apart from specialized training, is correct search and patience.
All the steps of hacking a site or network are fully explained in the tutorials, and finally, educational attacks are carried out online in the web space.

CYFIRMA: Now for a more touchy topic, the money. How do you monetize your operations, what is the biggest money maker for you? Do you study and employ any business practices to maximize effectiveness and profits?

DeltaBoys: A good hacker is a real business man!
The sale of data and government and financial access brings us more income, about $40,000 per month.
We need money to support our forces, but there is a common misconception about hackers.
Hackers are not thieves, don’t confuse us with financial fraudsters, who use ordinary people’s databases to steal.

CYFIRMA: Are there any challenges you face? Operational stuff like keeping infrastructure up, managing people in the group, getting things done on time etc.?

DeltaBoys: Exactly, infrastructure and member management is one of our most difficult tasks.
Correctly directing attacks and preventing fruitless intrusions is one of our most important tasks.
We are very careful in choosing the main members and unfortunately, we had to fire many people from the group over the years.

CYFIRMA: What’s on the horizon for you, any near-term and long-term ambitions?

DeltaBoys: Forming a powerful group apart from sect, religion, racism. All human beings on earth have an equal right.
We fight against corrupt politics, racism and corruption.
And we defend our human rights.

CYFIRMA: As a thanks for your time, this is space for you. Anything you want to say to the world?

DeltaBoys: We are people from all over the world.
From all the countries of the world.
French, German, Turkish, Arab, Spanish, American, African, Jewish and…
it doesn’t matter what country or religion we are; we are an alliance to fight against anomalies and corruption.
We are currently under attack and after infiltrating the Spanish Ministry of Defense, unfortunately we lost our Telegram channel, due to the report of the Spanish government, but we have started again.

Everyone can connect with us through our new Telegram and Twitter channel
Telegram @leak_db2

Thank you for reading, we hope you enjoyed it. If you have a story or want to have your say heard, feel free to reach out to us at https://twitter.com/CyfirmaR

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.