
Threat Actor Characterization

FINIX CYBER TEAM


ID: 00a00685c5ce3da9716e165c6881592692994
Hacktivist Group Defacement Crew Hacktivism
Threat types: Hacktivism, Defacement, Intrusion
Indonesia ISR
Updated: 2026-04-03
Created: 2026-03-22
Progress: 87% Completeness: 85% Freshness: 90%
Operation zone: Israel
Aliases: FCT
MITRE ATT&CK®

FINIX CYBER TEAM is an emerging hacktivist / defacement-and-leak cluster with visible alliance activity, public branding, and limited but actionable signals of opportunistic web compromise and claim amplification.


Technique | Technique name | Tactics | Evidence
T1190 | Exploit Public-Facing Application | TA0001
  • 2026-03-31 — Public defacement behavior tied to FINIX CYBER TEAM is consistent with exploitation or abuse of a public-facing web application.
  • 2026-04-02 — INFERENCE (confidence: medium): The actor’s current observable activity is most consistent with opportunistic compromise of exposed web services rather than endpoint-led initial access.
T1491.001 | Internal Defacement | TA0040
  • 2026-03-31 — A public defacement page explicitly references FINIX CYBER TEAM, supporting website content replacement / defacement in practical effect.
T1585 | Establish Accounts | TA0042
  • 2026-03-22 — Alliance-building behavior visible in Telegram-preview content indicates active relationship formation for public influence and collaborative signaling.
  • 2026-06-18 — Public alliance alerting linked Order403 with FINIX CYBER TEAM, reinforcing coalition-style behavior.
T1567 | Exfiltration Over Web Service | TA0010
  • 2026-03-03 — INFERENCE (confidence: low-medium): Public leak claims associated with ShadowNex and FINIX CYBER TEAM imply some data transfer or publication workflow, but direct technical evidence remains limited.
T1595 | Active Scanning | TA0043
  • 2026-04-02 — INFERENCE (confidence: medium): Opportunistic defacement and public-web targeting imply scanning or discovery of exposed internet-facing assets.

Strategic Intelligence
Last updated: 2026-04-03T15:02:51+00:00

FINIX CYBER TEAM

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Category: Hacktivism / Defacement and Leak Cluster

Origin: Unknown (possible Indonesia / Southeast Asia nexus, low-medium confidence)


Executive Summary

FINIX CYBER TEAM is best assessed as an emerging hacktivist and defacement-oriented cluster with public alliance activity, visible brand propagation, and limited but actionable signals of data-leak and public-compromise behavior. The strongest open-source anchors currently available are alliance announcements and archive-linked indicators that tie the brand to other hacktivist groups, alongside public defacement content referencing the team name.

The present evidence base does not support treating FINIX CYBER TEAM as a mature intrusion actor with a deeply documented malware toolchain or sustained post-compromise tradecraft. Instead, the observable picture is more consistent with a public-facing cluster that combines website compromise, defacement, leak amplification, and alliance signaling to build brand visibility and operational credibility inside a broader hacktivist ecosystem.

Recent public indicators place the group in an alliance-heavy environment. Open reporting and social-media alerts show public alliance announcements involving KONCO ERROR SYSTEM, Order403, BD Anonymous, and Digital Storm Sec during 2026. Public leak-related reporting also places the group in the broader anti-Israel / pro-Palestinian cyber-noise environment, although direct technical attribution for specific data-theft claims remains uneven.

IOC Appendix
Last updated: 2026-04-03T15:12:31+00:00

IOC Appendix — FINIX CYBER TEAM

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

OSINT Library
Last saved: 2026-04-03T15:12:44+00:00

OSINT Library — FINIX CYBER TEAM


2024-02-18 — Cyberint — “Operation Deface: A New Alliance of Hacktivists on Telegram”

Social Media & Communication
SOCMINT integrated: 0/2

Address | Verification | SOCMINT
t.me/+AU************** | Restricted | Not integrated
t.me/+9l************** | Restricted | Not integrated
Notes: preview mode hides sensitive social/contact details.