Cyber Threat Actor: Mr.Domoz

Actor Type: Terrorist
Location:
Known Incidents: 1 incident
Profile

Mr.Domoz is a documented alias associated with the pro-Islamic State (ISIS) hacktivist collective Anon Ghost. This group publicly claimed responsibility for compromising the social media presence of Malaysian law enforcement entities in 2015, explicitly aligning their activities with ISIS propaganda dissemination objectives. Their operations demonstrate a focus on symbolic cyber intrusions rather than persistent network access or data theft, emphasizing ideological messaging over technical complexity or financial gain.

The threat actor’s confirmed targeting centers on government institutions in Malaysia, specifically law enforcement agencies perceived as opposing ISIS-aligned interests. Their sole publicly reported operation involved defacing the official Facebook and Twitter accounts of the Malaysian Police, replacing profile imagery with Arabic-language text and ISIS-affiliated iconography. Strategic objectives explicitly cited by the group include demonstrating technical capabilities to support global "freedom movements" and disseminating militant propaganda. Attackers posted threatening messages directed at government officials alongside declarations opposing Zionism and Israel, while deliberately distinguishing themselves from the Anonymous collective.

Technical execution relied on compromising legitimate social media credentials, though specific initial access vectors remain unspecified in public reporting. Post-compromise tradecraft focused on rapid defacement: replacing profile assets, posting militant imagery, and leaving signature markers like "#AnonGhost was here" before restoration efforts by platform operators. The operation’s brevity and public-facing nature suggest prioritization of psychological impact over sustained disruption. Affiliation with ISIS ideology is explicitly claimed through propaganda content and anti-government messaging, though no direct operational coordination with physical militant cells has been publicly substantiated. This incident remains the group’s most consequential documented cyber activity to date, illustrating their hybrid approach of low-complexity hacking paired with high-visibility ideological signaling.

Incidents
1 incident
Sources
0 sources