Cyber Threat Actor: Donnazmi

Donnazmi is a threat actor alias associated with pro-Islamic State (ISIS) hacktivist operations, publicly linked to the compromise of Malaysian government digital assets. The entity operates under the Anon Ghost collective identity, which explicitly distinguishes itself from the broader Anonymous movement while adopting similar branding conventions for recognition. This group positions itself as an ideological proponent of ISIS objectives through cyber-enabled propaganda dissemination rather than pursuing financial crime or traditional espionage. Their activities demonstrate a focus on symbolic disruptions against perceived adversaries of global jihadist movements.

The group’s confirmed targeting centers on government institutions in Muslim-majority nations, specifically Malaysia, though broader regional ambitions may exist. Their sole publicly documented operation involved hijacking official Malaysian Police Facebook and Twitter accounts to replace content with ISIS propaganda, including militant imagery, Arabic text, and threats against government officials. Tactics emphasized rapid social media account takeover and defacement rather than persistent network intrusion or data exfiltration. Attackers implanted messages asserting opposition to Zionism and Israel while framing their actions as support for international "freedom movements," indicating an intent to amplify ideological narratives through high-visibility digital vandalism. Operational security considerations appeared secondary to immediate propaganda impact, with attackers prominently tagging "#AnonGhost was here" on compromised platforms.

Anon Ghost’s affiliation with Donnazmi represents a clear public alignment with ISIS doctrine, though no direct command-and-control relationship with physical militant cells has been substantiated. The Malaysian Police social media breach remains their signature campaign, showcasing a deliberate shift from Anonymous’ traditional anti-establishment ethos toward explicit jihadist advocacy. Restoration of the compromised accounts by platform administrators limited the operation’s duration, though the group achieved its apparent goal of demonstrating capability to breach state-affiliated digital properties. Their operational model prioritizes psychological impact through symbolic targeting of law enforcement agencies perceived as opposing ISIS-aligned interests.