Menu
Browse

Cyber Threat Actor: Gantengers Crew

Aliases: 2 aliases
Actor Type Location Known Incidents
 Icon
Sensationalist
Indonesia
7 incidents
Profile

Gantengers Crew, also knownsimply as Gantengers, is an Indonesian hacking group that has been active since at least 2014. The group’s location is identified as Indonesia in open sources, and it operates under the aliases Gantengers Crew and Gantengers. Public reporting describes the actors as a loose collective of individuals who use online handles such as SultanHaikal, d3b~X, Brian Kamikaze, Coupdegrace, Mdn_newbie and NG689Skwng689skwyahoocom. Their activities consist primarily of website defacements aimed at high‑profile targets rather than sustained intrusion campaigns.

The group’s targeting pattern shows a focus on government, financial, educational, environmental and technology sectors across multiple regions. Incidents have been recorded against the Kenyan presidential website, MasterCard’s Online Resources domain, the International Council of E‑Commerce Consultants (EC‑Council), the World Wildlife Fund and Earth Hour Philippines sites, and Canonical Ltd.’s Ubuntu One service. In each case the actors stated that the purpose was to demonstrate their capability and to highlight perceived security weaknesses, without claiming financial gain, espionage or any other concrete objective. The repeated emphasis on proving vulnerability suggests a strategic objective centered on disruption and reputation rather than profit or intelligence gathering.

Observed tactics, techniques and procedures are limited to web‑based defacement methods. The actors have exploited web vulnerabilities to replace homepage content with their own messages, and they have also abused legitimate file‑sharing functions, as seen in the Ubuntu One incident where an image resembling a defacement page was uploaded through the service’s normal operation. Proof of the defacements is routinely posted to Zone‑H mirrors, which the group uses to verify and publicize their successes. No malware families, custom tooling, or specific initial‑access vectors such as phishing or exploit kits are mentioned in the available reporting.

Notable operations include the May 2015 defacement of Kenya’s presidential site, the April 2015 alteration of MasterCard’s Online Resources domain, the January 2015 series of EC‑Council sub‑domain compromises, the February 2014 attacks on WWF and Earth Hour Philippines, and the January 2014 Ubuntu One file‑share incident. Earlier reporting also references prior breaches of the Australian National University and other WWF‑affiliated domains, indicating a recurring pattern of targeting prominent organizations to showcase technical ability. The group’s public statements consistently frame these actions as demonstrations of capability rather than as steps toward any further malicious end state.

Incidents
Attributed incidents available to members
6 incidents
Sources
Sources available to members
5 sources