3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
PhantomSec1337

PhantomSec1337

ID: 3f97ccf68d4ce27448864b79ab1fd512
Hacktivist Group Defacement Crew Hacktivism
Threat types: Defacement
Indonesia ALB, ARM, BRA, CHL, CCK, IND, IDN, LSO, PAK, RUS, ZAF, LKA, TTO, GBR
Updated: 2026-01-19
Created: 2025-10-16
Progress: 65% Completeness: 71% Freshness: 50%
Operation zone: Albania, Armenia, Brazil, Chile, Cocos(Keeling)Islands, India, Indonesia, Lesotho, Pakistan, Russia, South Africa, Sri Lanka, Trinidad and Tobago, United Kingdom
Aliases Limited alias preview
Phantom Security 1337 PhantomSecurity1337 P* P*****
Showing 2 of 4 aliases in free preview.
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

PhantomSec1337 — Indonesian defacement crew (Top-10 by volume on Zone-Xsec) active through 2020–2025; frequent page takeovers of .id government/edu sites; often credited by notifiers as team for Indonesian defacers (e.g., Babacang07).


Technique Technique name Tactics Evidence
T1491.002 External Defacement TA0040
  • 2025-04-29 — Government site defaced; notifier MR-4PEAJE | Team PhantomSec1337 (OSINT screenshot on X). · ref
  • 2025-02-10 — Zone-Xsec team page shows PhantomSec1337 with ~7.2k defacements; Team Rank Top-10. · ref
T1190 Exploit Public-Facing Application TA0001
  • 2020-2025 — Mass WP/CMS targets typical of Indonesian runs suggest exploitation of public-facing apps (no CVE listed). INFERENCE. · ref
Strategic Intelligence
Limited preview
Last updated: 2025-10-17T20:52:29+00:00
PhantomSec1337 (Indonesia)

CLASSIFICATION: Unclassified / Open Source


Executive Summary

PhantomSec1337 is a prolific Indonesian defacement crew, consistently visible in Zone-Xsec rankings (Top-10 by total defacements) and frequently credited on social OSINT posts for recent .go.id / .sch.id takeovers. Open sources emphasize volume and cadence over deep post-exploitation. Confidence: medium (mirrors and team page corroborate activity; vectors rarely detailed).

  • 2020–2025. High-tempo defacements across gov/edu/SME in Indonesia, tracked by Zone-Xsec team page.
  • 2025-04-29. Gov ID site defaced; team credited as PhantomSec1337 (OSINT capture on X).
  • Team banner used by multiple Indonesian notifiers (e.g., MR-4PEAJE; previously Babacang07 cases). INFERENCE (medium).
  • Tradecraft: external defacement of public WordPress/CMS; little evidence of persistence or data-theft. INFERENCE (medium).
Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Empty Limited preview
No content yet.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Empty Limited preview
No content yet.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Empty Limited preview
No content yet.
IOC Appendix now
Saved successfully.
OSINT Library
Empty Limited preview
No content yet.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/2
Address Verification SOCMINT
www.facebook.com/p/P***************************** Restricted Not integrated
Address Verification SOCMINT
phantomsec1337.org Restricted Not integrated
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
Showing 1–8 of 8 images
Logo variant Free Preview
Logo variant
Image used in hacked website Free Preview
Image used in hacked website
Avatar used in social media resources Free Preview
Avatar used in social media resources
Logo variant Free Preview
Logo variant
Logo variant Free Preview
Logo variant
Logo variant Free Preview
Logo variant
Logo variant Free Preview
Logo variant
Banner used in social media resources Free Preview
Banner used in social media resources
Showing 4 of 8 images in preview mode. Additional evidence is restricted for Analyst and Premium plans.