3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
ExtremeCrew

ExtremeCrew

ID: 17d4e6caa0687700931b14e35ec31b8d30958
Hacktivist Group Defacement Crew
Threat types: Defacement
Indonesia MYS
Updated: 2026-02-23
Created: 2025-10-17
Progress: 61% Completeness: 57% Freshness: 70%
Operation zone: Malaysia
Aliases Limited alias preview
Extreme Crew
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: high
Actor Techniques page ATT&CK® Diagram

ExtremeCrew — Indonesian hacktivist group best known for the Aug 2017 retaliatory campaign defacing 27–33 Malaysian websites after the SEA Games flag blunder; deface pages carried the message “Bendera Negaraku Bukanlah Mainan” and embedded a patriotic anthem.


Technique Technique name Tactics Evidence
T1491.002 External Defacement TA0040
  • 2017-08-21 — New Straits Times: 33 Malaysian sites defaced by ExtremeCrew. · ref
  • 2017-08-21 — The Star: 27 Malaysian sites defaced; message and anthem on landing. · ref
  • 2017-08-21/22 — TechWireAsia / SCMP / ASEAN Post recap the same campaign and counts. · ref
Strategic Intelligence
Limited preview
Last updated: 2025-10-17T21:51:02+00:00
ExtremeCrew - Indonesian Hacktivist Group

CLASSIFICATION: Unclassified / Open Source


Executive Summary

ExtremeCrew conducted a coordinated defacement wave in Aug 2017 against Malaysian websites over the inverted-flag controversy at the Kuala Lumpur SEA Games. Counts vary across outlets (27–33 sites), but narrative and messaging are consistent. Confidence: high (multiple mainstream outlets).

  • 2017-08-21/22. Malaysian sites defaced; message+anthem embedded; counts 27–33 reported.
  • T1491.002 – Defacement (External). Primary observed TTP in the campaign. 
Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Empty Limited preview
No content yet.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Empty Limited preview
No content yet.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Empty Limited preview
No content yet.
IOC Appendix now
Saved successfully.
OSINT Library
Empty Limited preview
No content yet.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/0
No social links registered for this profile.
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
No images found for this threat.