3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
INDOHAXSEC

INDOHAXSEC

ID: af8dc43650dce9ef3103504e01ac9770
Hacktivist Group Collective Defacement Crew Hacktivism
Threat types: Defacement
Indonesia
Updated: 2026-04-12
Created: 2025-10-16
Progress: 68% Completeness: 59% Freshness: 90%
Operation zone:
Aliases Limited alias preview
No aliases registered.
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

INDOHAXSEC — emerging Indonesian hacktivist collective established in early Oct 2024 (per own channels). Activity set includes defacements, DDoS, data leaks, and occasional ransomware-style claims; heavy use of Telegram/X for promotion.


Technique Technique name Tactics Evidence
T1491.002 External Defacement TA0040
  • 2024-10 onward — Analyst write-ups cite repeated website defacements in the group’s campaign set. · ref
  • 2025-03 — Roundup articles (Cyware/Eventus) recount defacement and leak claims. · ref
T1498 Network Denial of Service TA0040
  • 2025-03 — Analyst reporting lists DDoS as a typical tactic. · ref
T1041 Exfiltration Over C2 Channel TA0010
  • 2025-03 — Hack-and-leak publications via social channels/cloud links. · ref
Strategic Intelligence
Limited preview
Last updated: 2025-10-17T21:47:28+00:00
INDOHAXSEC - Hacktivist Group

CLASSIFICATION: Unclassified / Open Source


Executive Summary

INDOHAXSEC surfaced in Oct 2024 and has since pushed defacements, DDoS, and data leak releases, with social platforms as megaphone. OSINT tracking by security vendors in March 2025 documents their rapid campaign tempo and politicized targeting across the region. Confidence: medium (multi-vendor briefs; limited first-party technicals).

  • 2024-10. Group states establishment (Telegram). Vendor recaps align. Arctic Wolf
  • 2025-03. Vendor & media coverage—defacement, DDoS, leaks; examples amplified via #INDOHAXSEC feeds. Arctic Wolf
  • T1491.002 – Defacement (External). Signature action in early ops.
  • T1498 – Network DoS. Included in tactic set.
  • T1041 – Exfiltration/Leak. Hack-and-leak pattern via public links. 
Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Empty Limited preview
No content yet.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Empty Limited preview
No content yet.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Empty Limited preview
No content yet.
IOC Appendix now
Saved successfully.
OSINT Library
Empty Limited preview
No content yet.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/11
Address Verification SOCMINT
x.com/IND******* Restricted Not integrated
Address Verification SOCMINT
t.me/ind*********** Restricted Not integrated
t.me/Ind************* Restricted Not integrated
t.me/Ind************ Restricted Not integrated
t.me/IND******* Restricted Not integrated
t.me/+4N************** Restricted Not integrated
t.me/Ind******** Restricted Not integrated
Address Verification SOCMINT
instagram.com/ind******* Restricted Not integrated
www.whatsapp.com/cha***************************** Restricted Not integrated
Address Verification SOCMINT
indohaxsec-forums.odoo.com Restricted Not integrated
indohaxsec.blogspot.com Restricted Not integrated
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
Showing 1–5 of 5 images
Alliance between actors. Telegram Free Preview
Alliance between actors. Telegram
Logo variant Free Preview
Logo variant
Logo variant 2024 Free Preview
Logo variant 2024
Logo variant 2025 Free Preview
Logo variant 2025
Logo variant Free Preview
Logo variant
Showing 4 of 5 images in preview mode. Additional evidence is restricted for Analyst and Premium plans.