3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
NotraSec

NotraSec

ID: 452045af12adcddef437f5ccd3dee69e67191
Hacktivist Group Hacktivism
Threat types: Hacktivism, Defecement, Intrusion
Indonesia
Updated: 2026-04-12
Created: 2026-03-30
Progress: 75% Completeness: 68% Freshness: 90%
Operation zone:
Aliases Limited alias preview
NotraSec Team Team NotraSec
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

NotraSec is a small emerging defacement-oriented cyber-vandalism cluster with public Telegram presence, named members, and repeated defacement archive visibility. Current open reporting supports opportunistic public-web compromise and website content manipulation rather than advanced intrusion or mature criminal operations.


Technique Technique name Tactics Evidence
T1190 Exploit Public-Facing Application TA0001
  • 2026-01-26 — Repeated NotraSec activity against public websites is consistent with exploitation of exposed web applications or misconfigured public-facing components. · ref
  • 2026-03-06 — INFERENCE (confidence: medium): The observed defacement outcome on a government site implies compromise of a public-facing web service or content-management path. · ref
T1110 Brute Force TA0006
  • 2025-11-22 — Archive metadata for at least one NotraSec-tagged mirror described a brute-force access path. Treat as supportive but lower-confidence detail because it derives from archive labeling rather than incident-response evidence. · ref
T1565.001 Stored Data Manipulation TA0040
  • 2026-03-06 — Website content replacement with NotraSec branding and team-member naming is directly consistent with stored data manipulation through defacement. · ref
  • 2026-01-26 — Mass-defacement archive entries support repeated public-web content manipulation as a core operational behavior. · ref
T1580 Cloud Infrastructure Discovery TA0007
  • 2026-03-09 — INFERENCE (confidence: low): Inclusion in broader threat recaps and multi-country opportunistic targeting is compatible with open-source discovery of weak public web surfaces, although direct scanning telemetry is not publicly documented. · ref
Strategic Intelligence
Limited preview
Last updated: 2026-04-12T18:14:05+00:00

NotraSec

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Category: Cybercrime / Hacktivism / Defacement Cluster — Origin: Probable Indonesia / Southeast Asia nexus (INFERENCE, confidence: medium)

Author: iQBlack CTI Team


Executive Summary

NotraSec is a small but publicly visible defacement-oriented threat cluster with Telegram presence, named members, and archived mass-defacement activity. The group is best assessed as an emerging low-complexity web-compromise and web-vandalism collective rather than a mature intrusion actor. Publicly observable activity centers on opportunistic website compromise, branded page replacement, archive visibility, and narrative amplification.


Available evidence supports treating NotraSec as a real operating identity rather than a purely speculative name. Public indicators include a Telegram channel branded as “NOTRASEC TEAM,” a separate public invite/group reference, member naming embedded in defacement content, and a repeatable archive footprint across defacement-tracking services. However, available reporting does not support claims of sustained access operations, advanced malware development, or high-confidence geopolitical alignment.

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Saved Limited preview

Executive Analyst Brief for CISO — NotraSec

Classification: Unclassified / OSINT — TLP:WHITE

Upgrade to access the full executive brief.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Saved Limited preview

Hunting Playbook — NotraSec


Upgrade to access the full hunting playbook.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Empty Limited preview
No content yet.
IOC Appendix now
Saved successfully.
OSINT Library
Saved Limited preview
Last saved: 2026-04-12T18:15:27+00:00

OSINT Library — NotraSec

2026-03-09 — Dark Web Informer — "Threat Attack Update - March 9th, 2026"

https://darkwebinformer.com/threat-attack-update-march-9th-2026/

Full OSINT references available for Research / Analyst.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/3
Address Verification SOCMINT
t.me/+o-************** Restricted Not integrated
t.me/+Uw************** Restricted Not integrated
t.me/+V-************** Restricted Not integrated
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
Showing 1–1 of 1 images
Logo / Avatar Free Preview
Logo / Avatar