Cyber Threat Actor: Ne0-h4ck3r
| Actor Type | Location | Known Incidents |
Sensationalist
|
Bangladesh
|
4 incidents |
|---|
Profile
Ne0‑h4ck3r is an alias used by a Bangladeshi hacker who has operated alongside the handles TiGER‑M@TE and F0RTYS3V3N in a series of website defacement incidents. The actor is known to be based in Bangladesh, as indicated by the geographic attribution of the incidents attributed to the group. Their activity has focused on disrupting the online presence of major technology firms by altering the content of publicly accessible web properties.
The targets have included search‑engine, image‑service, video‑platform and web‑portal domains belonging to Google and Yahoo in Malaysia, with a prior comparable action against Google’s Kenyan domain. The group’s method relies on DNS redirection techniques that reroute visitors to servers under their control, where they replace the legitimate page with a defacement screen bearing a boastful message and contact details. No malicious software families or exploit kits have been reported in connection with these operations, and the actors appear to rely solely on network‑level manipulation rather than code‑based payloads. The defacement notices left behind do not disclose any clear motive, financial gain, espionage goal or ideological stance, leaving the strategic objective of the attacks unspecified in the public record.
There is no publicly available evidence linking Ne0‑h4ck3r or the associated aliases to a state sponsor, criminal syndicate or larger hacking collective. The most documented operation occurred on 15 April 2015, when the trio simultaneously defaced Yahoo Malaysia, Google Images, YouTube and Google Malaysia, marking the second compromise of Google Malaysia within that day through the same DNS redirection approach. This campaign followed an earlier defacement of Google Kenya, demonstrating a repeated pattern of targeting the same corporation’s regional online assets. All affected services were restored after the incidents, and the actors claimed responsibility via Zone‑h mirror postings without providing further explanation for their actions.
