Cyber Threat Actor: F0RTYS3V3N
| Actor Type | Location | Known Incidents |
Sensationalist
|
Bangladesh
|
5 incidents |
|---|
Profile
F0RTYS3V3N is an alias used by a Bangladeshi hacker who operates as part of a loose collective that also employs the handles Ne0‑h4ck3r and TiGER‑M@TE. The actor’s known location is Bangladesh, as indicated in the reporting of their activities. This group focuses on compromising publicly accessible web properties rather than internal networks, repeatedly targeting major search‑engine, video‑sharing and web‑portal domains in Southeast Asia and Africa. Their observed technique involves DNS redirection that reroutes visitors to a server under their control, where they replace the legitimate content with a defacement page bearing a boastful message and contact information. The defacement pages are subsequently mirrored on Zone‑h to claim responsibility, a practice noted in multiple incidents. No malware families or exploit kits are mentioned in the available sources, indicating that the actor relies on straightforward web‑application manipulation rather than custom tooling.
One of the most documented operations occurred on 15 April 2015 when F0RTYS3V3N, together with Ne0‑h4ck3r and TiGER‑M@TE, defaced Google Malaysia, YouTube, Yahoo Malaysia and Google Images through DNS redirection, marking the second successful compromise of Google Malaysia that day. The same actors had previously disrupted Google Malaysia earlier on that date using a similar DNS hijack, and they had also conducted a comparable defacement of Google Kenya in 2013, showing a repeat pattern against the company’s regional properties. The defacement messages contained no explicit political or financial motive, merely claiming responsibility and providing an email address for contact. Attribution to a specific state sponsor or criminal organization is absent from the public record; the actors are described solely as Bangladeshi hackers acting independently. These incidents show that the actor’s observed activities have been limited to web‑defacement operations.
