3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
Ganest Seven

Ganest Seven

ID: c31e0df73ef0adf5d83d8bf5534b492584794
Hacktivist Group Defacement Crew Hacktivism
Threat types: Defacement
Indonesia CHL
Updated: 2026-01-13
Created: 2025-10-16
Progress: 51% Completeness: 52% Freshness: 50%
Operation zone: Chile
Aliases Limited alias preview
No aliases registered.
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

Ganest Seven — Indonesian hacktivist/defacement label with numerous mirrors in Zone-Xsec (2024–2025), including municipal services and education subdomains; aliases within the team roster vary by campaign.


Technique Technique name Tactics Evidence
T1491.002 External Defacement TA0040
  • 2024-08-16 — Multiple .sch.id/.go.id mirrors credited to Ganest Seven (entries: DestaX, Demon Yuzen, etc.). · ref
T1190 Exploit Public-Facing Application TA0001
  • 2024-08 — Run pattern (WordPress/CMS endpoints) suggests exploitation of public-facing apps without listed CVEs. INFERENCE. · ref
Strategic Intelligence
Limited preview
Last updated: 2025-10-17T20:56:52+00:00
Ganest Seven - Hacktivist / Defacement Group

CLASSIFICATION: Unclassified / Open Source


Executive Summary

Ganest Seven appears in Zone-Xsec with repeated gov/edu defacements (mid-2024 onward). Team entries list rotating notifiers (e.g., DestaX, Demon Yuzen), consistent with loose crew structure typical of the Indonesian scene. Confidence: medium (mirrors present; limited method detail).

  • 2024-08-16. Multiple .sch.id / .go.id mirrors credited to Ganest Seven, including municipal services.

Behavior: external defacement; WordPress/CMS pattern. INFERENCE.

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Empty Limited preview
No content yet.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Empty Limited preview
No content yet.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Empty Limited preview
No content yet.
IOC Appendix now
Saved successfully.
OSINT Library
Empty Limited preview
No content yet.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/0
No social links registered for this profile.
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
No images found for this threat.