Cyber Incident Victim: Royal Malaysia Police
Date:
Jul 2015
Location:
Malaysia
Summary
Pro-ISIS hacktivist group Anon Ghost compromised the social media accounts of Malaysian Police, defacing official Facebook and Twitter pages with Islamic State propaganda imagery, militant photos, and threatening messages directed at government officials. The attackers replaced profile pictures with Arabic text and ISIS-affiliated symbols, posted declarations including "#AnonGhost was here," and explicitly distanced themselves from Anonymous while claiming to oppose Zionism and Israel. The group asserted their actions aimed to demonstrate their capabilities and ideological alignment rather than seeking fame, emphasizing support for global "freedom movements." Both accounts were subsequently restored following the breach.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 21 actors | Available to members | Available to members |
Description
On July 13, 2015, pro-ISIS hacker group Anon Ghost compromised the official Facebook and Twitter accounts of the Malaysian Royal Police. The attackers replaced the Facebook profile picture with an Islamic State image and altered the cover photo to display a gunman waving an Islamic flag bearing the text "Khilafah has returned." The police emblem was substituted with an image featuring an eye alongside Arabic script containing the words "Allah" and "Muhammad." A post depicting armed militants with the caption "VIVA ISLAMIC STATE" appeared on the Facebook page, accompanied by a list of 22 aliases claiming responsibility under the AnonGhost banner. The third Facebook update featured the hashtag "#AnonGhost was here." Simultaneously, the police Twitter account displayed threatening messages directed at then-Prime Minister Najib Razak, including "Najib Razak...we are coming to you..." and a Malay-language warning to government ministers referencing "ATM" and "Dr. M."
Anon Ghost publicly claimed responsibility through the compromised accounts, explicitly differentiating themselves from the Anonymous collective by stating they neither shared objectives nor comparable technical capabilities. The group declared themselves "the sound of the forgotten people" and "freedom fighters in the cyber world," emphasizing opposition to Zionism and Israel as core motivations. They asserted the hack aimed to demonstrate their capabilities rather than seek fame, while expressing support for global hacker teams and freedom movements. Historical context indicates Anon Ghost originated as a pro-Palestinian hacktivist collective before aligning with ISIS ideology, with prior operations targeting the United Nations website, U.S. Air Force subdomains, and Israeli financial data. Malaysian authorities regained control of both social media accounts before the publication of initial reports, restoring original branding and removing unauthorized content without disclosing technical remediation details. The incident marked continued cyber operations by ISIS-affiliated groups following earlier compromises of Malaysian Airlines' digital assets.