Hacker Tied to Yemen Cyber Army Sentenced for Stealing Data of 4 Million People

The UK’s National Crime Agency (NCA) has announced the sentencing of Al Tahery Al-Mashriky, a 26-year-old hacker from Rotherham, South Yorkshire, who was found guilty of infiltrating thousands of websites and stealing the personal data of millions of people.

According to the NCA, “Al-Tahery Al-Mashriky, 26, from Rotherham, South Yorkshire, was arrested by specialist National Crime Agency cybercrime officers in August 2022, who were acting on intelligence supplied by US law enforcement around the activities of extremist hacker groups ‘Spider Team’ and ‘Yemen Cyber Army.’”

Investigators were able to directly tie Al-Mashriky to the Yemen Cyber Army, a politically motivated hacker collective, through digital forensics. The NCA noted, “NCA investigators were able to link Al-Mashriky to the Yemen Cyber Army through social media and email accounts.”

Forensic analysis of his laptop and mobile phones uncovered evidence of extensive cybercrime activity. He had breached high-profile websites, including those belonging to the Yemen Ministry of Foreign Affairs, the Yemen Ministry of Security Media, and an Israeli news outlet.

His activities were not limited to the Middle East. Al-Mashriky also targeted faith websites in Canada and the United States and even hacked into the website of the California State Water Board.

The scale of the data theft was huge. The NCA reported: “He was in possession of personal data for over 4 million Facebook users and several documents containing usernames and passwords for services such as Netflix and Paypal, which could be used for further acts of cybercrime.”

Using one of his online aliases, Al-Mashriky even boasted on a cybercrime forum that he had hacked into over 3,000 websites in just three months during 2022.

Al-Mashriky’s attacks were often driven by ideology rather than profit. “His offending centred around gaining unauthorised access to the websites, then creating hidden webpages containing his online monikers and messaging that furthered his religious and political ideology,” the report stated.

The NCA highlighted that he deliberately sought out poorly secured websites to gain notoriety within the hacking community, prioritizing volume of attacks over complexity.

Originally set to face trial for 10 offences under the Computer Misuse Act, Al-Mashriky pleaded guilty to nine charges at Sheffield Crown Court on 17 March 2025. He was sentenced on 15 August 2025 to 20 months in prison.

Related Posts:

• Candiru spyware exploited Chrome 0-day flaw to attack journalists
• Leak: NSA and US Army can capture Tor, I2P, VPNs to monitor Monero users
• NCA’s Operation Destabilise: Dismantling a Global Money Laundering Network
• Evil Corp Cybercriminals Exposed: UK Sanctions 16 Individuals Linked to Russian State and LockBit
• Pro-Russian Threat Actors Launch Coordinated DDoS Attacks Against Japanese Organizations