Cyber Threat Actor: IsHaKdZ

Thethreat actor known as IsHaKdZ, also seen as Ishakdz, has been linked to a single publicly reported intrusion against the ticketing platform Ticketfly in May 2018. Open‑source reporting identifies the actor as operating from Turkey, although no further personal details have been disclosed. The alias appears in the defacement message left on the compromised site and in communications with journalists. No other aliases or affiliations have been attributed to this individual in the available sources.

The actor’s activity was directed at an online event‑ticketing service, indicating a focus on the consumer‑facing entertainment sector. The reported motivation combined a financial extortion attempt—requesting one Bitcoin in exchange for not exploiting a discovered vulnerability—with an intent to cause operational disruption after the demand was unmet. The actor followed through by defacing the website, exfiltrating customer and employee data, and threatening to release additional “backstage” information. These actions resulted in the temporary shutdown of Ticketfly’s services, forcing venues to revert to manual ticket verification.

The tactics described in the reporting involve the identification and exploitation of a web‑application vulnerability as the initial access vector. After gaining entry, the actor altered the site’s front end with a V for Vendetta graphic and a message claiming responsibility, which constitutes a classic website defacement technique. Data theft was carried out by copying databases containing names, addresses, email addresses and phone numbers, and the actor claimed possession of a further dataset labeled “backstage.” No malware families, custom tools, or specific exploit kits are mentioned in the sources.

Attribution to a state sponsor, criminal consortium, or any broader threat‑actor group has not been established in the public record; the actor appears to act independently based on the disclosed communications. The Ticketfly incident remains the sole documented operation associated with IsHaKdZ, serving as the representative example of the actor’s capability to combine ransom‑style demands with data theft and service disruption. Law‑enforcement or industry follow‑up actions concerning this actor have not been detailed in the available material.