3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
Anshar Caliphate Army

Anshar Caliphate Army

ID: dfee5cf1582046b79985a664878851c7
Hacktivist Group CyberTerrorism DDoS Crew Defacement Crew Hacktivism
Threat types: Cyberterrorism, Hacking, DDoS Attack, Defacement, Propaganda
Unknown
Updated: 2026-01-13
Created: 2025-10-17
Progress: 51% Completeness: 52% Freshness: 50%
Operation zone:
Aliases Limited alias preview
ACA Ansar Khilafah Army An***************** Cy*************
Cy****************** ان*************
Showing 2 of 6 aliases in free preview.
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

Anshar Caliphate Army (ACA) — Southeast Asia pro-ISIS hacktivist label documented in 2018 as part of the UCC collective. Activity set: symbolic defacements, DDoS claims and account takeovers during #OpTheWorld, plus threat videos/posters aimed at Indonesian GOV targets. Language/use patterns indicate Indonesian linkage.


Technique Technique name Tactics Evidence
T1491.002 External Defacement TA0040
  • 2018-07-27 — ACA poster (May–July 2018) lists 160 defacements and social account hacks; captured in ICT’s 2018 Southeast Asia case study. · ref
  • 2018-07-28 — Actor-side count/claim post on X summarizing numbers for ACA/UCC ops (#OpTheWorld). · ref
T1498 Network Denial of Service TA0040
  • 2018-07-09 — UCC announcement claims ~530 sites DDoS’d during East Asia runs; ACA listed among participants (self-report). · ref
T1585 Establish Accounts TA0042
  • 2018-08-07 — ACA post on X threatens Indonesian government; use of social persona for propaganda and mobilization. · ref
  • 2018-08-08 — ACA video showing threats against Indonesian GOV websites (actor artifact on X). · ref
T1589 Gather Victim Identity Information TA0043
  • 2019-04-26 — Program on Extremism/CTC assessments: Islamic State–linked hacker lists typically OSINT-compiled (contextual to UCC/affiliates). · ref
Strategic Intelligence
Limited preview
Last updated: 2025-10-19T01:48:50+00:00
Anshar Caliphate Army (ACA) — Southeast Asia Pro-ISIS Hacktivists

CLASSIFICATION: Unclassified / Open Source


Executive Summary

The Anshar Caliphate Army (ACA) is a Southeast Asia pro-ISIS hacktivist label that surfaced publicly in mid-2018 as part of the United Cyber Caliphate (UCC) ecosystem. Open sources document ACA’s role in symbolic defacements, account takeovers and DDoS claims during #OpTheWorld, coupled with a steady stream of threat posters/videos on social media. Technical proficiency appears low, consistent with UCC-style OSINT-heavy doxing and opportunistic web hits; influence is achieved via propaganda amplification rather than sophisticated intrusions. Overall confidence: medium (credible think-tank documentation; actor artifacts mainly evidentiary for chronology/propaganda).


Pro-ISIS alignment; ACA is explicitly listed among the UCC component groups in 2018 analytical reporting. Language indicators and target selection point to Indonesian origins within a broader transnational umbrella.

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Empty Limited preview
No content yet.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Empty Limited preview
No content yet.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Empty Limited preview
No content yet.
IOC Appendix now
Saved successfully.
OSINT Library
Empty Limited preview
No content yet.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/1
Address Verification SOCMINT
t.me/joi**************************** Restricted Not integrated
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
No images found for this threat.