Menu
Browse

Cyber Threat Actor: Tiger Mate

Aliases: 3 aliases
Actor Type Location Known Incidents
 Icon
Sensationalist
Bangladesh
5 incidents
Profile

The threat actor operates under the aliases Tiger Mate, Neohacker and FortySeven and is known to be based in Bangladesh. Public reporting links the actor to a series of website defacements and data leaks that have targeted online platforms in Pakistan, Malaysia and Kenya. The actor’s activity has focused on high‑visibility web properties such as a major Pakistani real estate portal, Google and Yahoo services in Malaysia, and Google’s Kenyan domain. In the cases where motives were disclosed, the actor stated that there was no political or financial aim and that the actions were taken after warning the victims about security shortcomings that were ignored. Consequently, the observed objectives appear to be disruption of service through defacement and the exposure of user data to demonstrate perceived negligence, rather than espionage or profit‑seeking.

The actor’s tactics, techniques and procedures consist primarily of exploiting known vulnerabilities to gain unauthorized access to web servers, then replacing legitimate content with defacement pages that include a signature message, contact information and links to proof of compromise on Zone‑h mirrors. In the Zameen.com incident the actor also exfiltrated the full user database, which contained usernames, email addresses, MD5‑hashed passwords and phone numbers, and later attempted to remove the leaked data after it had already been disseminated. No specific malware families or custom tooling are mentioned in the available sources; the emphasis is on web‑application attacks, DNS redirection techniques and the public posting of defaced pages as evidence. Attribution to a state sponsor or a criminal consortium has not been established in the public record, with the actor’s origin inferred only from self‑identified Bangladeshi affiliations and the geographic focus of the operations. Representative campaigns include the May 2016 breach of Zameen.com that resulted in a large‑scale data leak and the April 2015 coordinated defacement of Google Images, YouTube, Yahoo Malaysia and related Malaysian domains, which followed a prior defacement of Google Kenya and demonstrated a pattern of targeting prominent internet services across multiple countries.

Incidents
Attributed incidents available to members
5 incidents
Sources
Sources available to members
3 sources