TraceX Labs Uncovers Dark Web Threat Group Demanding $100,000 for Meta Outage
The Dark Web Intelligence Team at TraceX Labs, an Indian cybersecurity firm specializing in cyber threat intelligence and digital investigations, has uncovered a dark web portal where a group calling itself “ANONYMOUS HOTZ /// APT” claims responsibility for a recent global outage affecting Meta platforms, including Facebook and Instagram. This development raises significant concerns about the implications of cyber threats on major social media infrastructures.
During its investigation, TraceX Labs noted that the portal primarily defaults to the Chinese language, although it offers an English translation option via a visible language switch labeled “切换英文 / ENGLISH.” The onion service linked to this investigation can be accessed at this address.
Chinese-Language Threat Message Observed
The homepage of the dark web portal features multiple warnings and extortion messages in Chinese. Portions of the page translated by TraceX Labs indicate the group claims to have executed a Distributed Denial-of-Service (DDoS) attack targeting Meta Platforms’ infrastructure on June 12, 2026. The translated message asserts:
“On 12 June 2026, we executed a Distributed Denial of Service (DDoS) attack against Meta Platforms global infrastructure.”
The page further alleges that the attack resulted in a global outage of Instagram and Facebook services, causing mobile application crashes and widespread web service disruptions lasting over six hours.
Ransom Demand and Threats
The hidden service includes a ransom demand of $100,000 USD, payable in USDT (TRC20) cryptocurrency. A wallet address and QR code are prominently displayed on the page. The wallet address is:
TKjqghf5aYdnpE4ZXFexZd1HYRrYC1EVXa
The portal contains aggressive statements, including threats of another attack within 30 days if the ransom is not paid. One translated section warns:
“Failure to pay equals permanent Meta takedown.”
Another threat claims that the next attack would involve:
“Full infrastructure collapse | 14+ days offline | Complete service destruction.”
The site also threatens retaliation against any legal actions, wallet blacklisting, or countermeasures.
Key Findings from TraceX Labs Investigation
| Item | Detail |
|---|---|
| Investigating organization | TraceX Labs |
| Country | India |
| Threat actor alias | ANONYMOUS HOTZ /// APT |
| Portal default language | Chinese |
| English translation available | Yes |
| Claimed attack | DDoS on Meta infrastructure |
| Claimed affected platforms | Facebook and Instagram |
| Claimed outage duration | 6+ hours |
| Ransom amount | $100,000 USDT (TRC20) |
| Wallet address | TKjqghf5aYdnpE4ZXFexZd1HYRrYC1EVXa |
| Onion link | Onion link |
| Technical proof shared | None identified |
TraceX Labs Assessment
While the outage experienced by Meta was real and widely reported, TraceX Labs has stated that there is currently no verified technical evidence linking the dark web actor to the disruption. The language used on the portal resembles fear-based extortion messaging often seen in opportunistic ransomware and intimidation campaigns.
At the time of publication, several key points were noted:
- Meta has not confirmed any cyberattack.
- No forensic evidence linking the outage to the actor has been publicly released.
- No technical indicators, logs, or proof-of-attack data have been shared by the threat actor.
Cybersecurity analysts suggest that the outage may have resulted from infrastructure issues, routing problems, or configuration failures rather than an external cyberattack.
Meta Yet to Confirm Cause
Meta has publicly acknowledged the service disruption and confirmed that restoration efforts were underway. However, the company has not commented on the dark web claims identified by TraceX Labs. No official root cause analysis has yet been published.
Advisory from TraceX Labs
TraceX Labs advises the public and media organizations to approach such dark web claims with caution until they are independently verified through technical investigation. The company recommends:
- Avoid engaging with extortion demands or cryptocurrency wallets.
- Do not assume responsibility claims are legitimate without evidence.
- Monitor verified threat intelligence updates.
- Exercise caution while accessing Tor hidden services and dark web infrastructure.
The claims made by “ANONYMOUS HOTZ /// APT” remain unverified. Although the timing of the dark web post coincides with the Meta outage, there is no confirmed evidence proving that the outage was caused by a DDoS attack or by the threat actor behind the portal.
TraceX Labs continues to monitor the hidden service, associated cryptocurrency activity, and any emerging threat intelligence related to this incident.
Source: firstindia.co.in
Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.
