Friday, Jun 12, 2026 01:15 [IST]
Last Update: Friday, Jun 12, 2026 19:43 [IST]
TraceX Labs, an Indian cybersecurity and threat intelligence company, has identified a dark web portal where a threat actor group calling itself “ANONYMOUS HOTZ /// APT” is claiming responsibility for the recent global outage affecting Instagram and Facebook services.
The dark web page surfaced shortly after millions of users worldwide reported issues accessing Meta-owned platforms on June 12, 2026. During the outage, users experienced login failures, mobile app crashes, feed refresh issues, and website errors across multiple countries.
According to investigators at TraceX Labs, the hidden service primarily loads in Chinese language by default while also providing an English translation option.
Dark web onion link identified during the investigation:
http://snicftgczh2ykx63skfevccrjrnmzbsqtje3zfdmgoruggm6psqnkpid.onion/
The translated content reviewed by TraceX Labs researchers claims that the actor carried out a Distributed Denial-of-Service (DDoS) attack targeting Meta Platforms infrastructure.
One message displayed on the portal states:
“On 12 June 2026, we executed a Distributed Denial of Service (DDoS) attack against Meta Platforms global infrastructure.”
The page further claims that Instagram and Facebook services were “taken offline globally,” causing widespread disruption lasting more than six hours.
The portal also warns of another larger attack allegedly planned within the next 30 days.
The dark web page includes a ransom demand of $100,000 USD payable in USDT (TRC20) cryptocurrency.
Wallet address displayed on the portal:
TKjqghf5aYdnpE4ZXFexZd1HYRrYC1EVXa
The threat actor claims that failure to pay could result in another wave of attacks targeting Meta infrastructure.
The portal contains several threatening messages, including:
“Failure to pay equals permanent Meta takedown.”
Another section warns of:
“Full infrastructure collapse | 14+ days offline | Complete service destruction.”
| Item | Detail |
|---|---|
| Investigating organization | TraceX Labs |
| Country | India |
| Threat actor alias | ANONYMOUS HOTZ /// APT |
| Portal language | Chinese by default with English translation |
| Claimed attack | DDoS on Meta infrastructure |
| Claimed affected services | Instagram and Facebook |
| Claimed outage duration | 6+ hours |
| Ransom amount | $100,000 USDT (TRC20) |
| Wallet address | TKjqghf5aYdnpE4ZXFexZd1HYRrYC1EVXa |
| Onion link | http://snicftgczh2ykx63skfevccrjrnmzbsqtje3zfdmgoruggm6psqnkpid.onion/ |
| Technical proof provided | None identified |
Although the Instagram and Facebook outage itself was real and widely reported globally, TraceX Labs states that there is currently no verified technical evidence proving that the disruption was caused by the threat actor behind the dark web portal.
At the time of publication:
Cybersecurity researchers believe the outage may also have resulted from infrastructure failures, routing issues, or internal configuration-related technical problems rather than malicious external activity.
Meta acknowledged the outage publicly and confirmed that restoration efforts were underway. However, the company has not commented on the dark web claims identified by TraceX Labs.
No official root cause analysis has yet been released.
TraceX Labs advises the public and media organizations to avoid spreading unverified cyberattack claims without technical confirmation.
The company recommends:
At present, the claims made by “ANONYMOUS HOTZ /// APT” remain unverified. While the timing of the dark web post coincides with the global Instagram and Facebook outage, there is currently no confirmed evidence proving the actor was responsible for the disruption.
TraceX Labs continues to monitor the dark web portal, associated cryptocurrency activity, and emerging threat intelligence related to the incident.
About TraceX Labs:
TraceX Labs is an Indian cybersecurity and threat intelligence company specializing in malware analysis, dark web intelligence, cyber investigations, AI-powered security research, and digital threat monitoring.
