3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
Jember Hacker Team

Jember Hacker Team

ID: 6b0b0fc9c77eee99a03c20e0c320264930473
Hacktivist Group Defacement Crew
Threat types: Defacement
Indonesia
Updated: 2026-01-13
Created: 2025-10-17
Progress: 47% Completeness: 45% Freshness: 50%
Operation zone:
Aliases Limited alias preview
JHT
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: high
Actor Techniques page ATT&CK® Diagram

Jember Hacker Team (JHT) — Indonesian hacktivist/defacement crew best known for the Jan 2013 defacement of the President’s official website (presidensby.info). Subsequent protests triggered >12 government site defacements; police arrested and later sentenced the individual responsible for the presidential site hack.


Technique Technique name Tactics Evidence
T1491.002 External Defacement TA0040
  • 2013-01-10 — Presidential website defaced: “This is a PayBack From Jember Hacker Team.” · ref
  • 2013-01-11 — The Register confirms JHT attribution and slogan on defaced page. · ref
  • 2013-01-31 — VOA: >12 Indonesian government sites defaced in solidarity wave. · ref
T1190 Exploit Public-Facing Application TA0001
  • 2011-10-13 — Early Zone-H mirror (tk.unikom.ac.id) notified by JHT (vector not specified but implies public-facing app compromise). · ref
Strategic Intelligence
Limited preview
Last updated: 2025-10-17T21:44:02+00:00
Jember Hacker Team (JHT) - Hacktivist / Defacement Group

CLASSIFICATION: Unclassified / Open Source


Executive Summary

JHT is among Indonesia’s most publicized defacement crews after the Jan 2013 defacement of the President’s website. The action catalyzed broader solidarity defacements (>12 government sites). Law-enforcement follow-up identified and sentenced the individual behind the presidential site hack, anchoring the attribution. Confidence: high (multiple primary press reports, court outcome).

  • 2011-10-13. Zone-H mirror (tk.unikom.ac.id) notified by JHT.
  • 2013-01-10/11. President’s site defaced; JHT message; widespread coverage.
  • 2013-01-31. >12 gov sites defaced in protest wave.
  • 2013-06-19/20. Sentencing: 6–10 months reports for the perpetrator (local court coverage).
  • T1491.002 – Defacement (External). Presidential site + subsequent gov sites.
  • T1190 – Exploit Public-Facing App. Implied by web app compromise; details not published. INFERENCE (medium).
Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Empty Limited preview
No content yet.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Empty Limited preview
No content yet.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Empty Limited preview
No content yet.
IOC Appendix now
Saved successfully.
OSINT Library
Empty Limited preview
No content yet.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/0
No social links registered for this profile.
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
No images found for this threat.