Menu
Browse

Cyber Threat Actor: Team MadLeets

Aliases: 3 aliases
Actor Type Location Known Incidents
 Icon
Activist
Pakistan
4 incidents
Profile

The threat actor known as Team MadLeets (also referenced as MadLeets) is a Pakistani hacker group identified in open‑source reporting. An individual associated with the group uses the alias r00x, which also appears as rOOX in a defacement message they left on compromised sites. The collective has been publicly linked to the TeaM MadLeets moniker in multiple sources. No explicit state sponsorship or criminal‑corporate affiliation is stated in the available material.

The group’s publicly reported activities include the compromise of India’s Ministry of Railway server, which hosted approximately forty‑seven domains, and the placement of an identical defacement page on each of those domains. The message displayed read “Hacked By r00x you GoT 0wn3d By rOOX . Just a Security reminder/ Contact: r))[email protected]/ We are TeaM MADLEETS”, indicating that the actors described the action as a security reminder rather than a financially motivated act. In addition to the Indian government target, the same sources credit Team MadLeets with compromising Google Malaysia and other high‑profile websites, showing a pattern of targeting prominent online assets. No explicit financial or espionage objectives are described in the referenced reports.

The reported technique involves gaining unauthorized access to web servers and replacing their content with a custom defacement page that includes the group’s signature and contact information. No specific malware families, exploit kits, or initial‑access vectors are detailed in the available sources. Attribution to a Pakistani hacker collective is explicitly made in the MEMRI article and the Tech.com.pk source, which label the perpetrators as members of TeaM MadLeets. No formal state linkage or criminal consortium is cited in the public documentation consulted.

One of the most cited operations is the May 2014 breach of India’s Ministry of Railway, affecting roughly forty‑seven sub‑domains and leaving the aforementioned defacement message. The same reporting notes that Team MadLeets has also been responsible for the compromise of Google Malaysia’s online properties. Additional, unspecified high‑profile websites have been mentioned as victims of the group’s activities. These incidents are presented as representative examples of the actor’s public‑facing operations in the open‑source record. No public reports associate the group with the deployment of ransomware, banking trojans, or state‑sponsored espionage toolkits, and the available descriptions do not include technical indicators such as file hashes, command‑and‑control infrastructure, or specific exploit tools.

Incidents
Attributed incidents available to members
4 incidents
Sources
Sources available to members
5 sources