As observed, hacktivists often take pride in targeting and disrupting websites of adversary countries during global conflicts. Recently, tensions escalated between Malaysia and Indonesia following the death of an Indonesian migrant worker, an event which was used by Indonesian hacktivists to launch attacks on Malaysian websites. In response to the significant disruption and defacements, Malaysian hacktivists retaliated in turn by targeting Indonesian websites.
Malaysian authorities have launched investigations into an incident that led to the death of an Indonesian migrant worker and injured four others, provoking a rare diplomatic incident between the two close neighbours. This event has come two years after human rights groups accused Malaysian immigration authorities of causing the deaths of 149 Indonesian citizens who were allegedly subjected to brutal conditions while held at detention depots.
Malaysia and Indonesia enjoy close cultural and linguistic ties, but although the two countries share many similarities, a persistent source of conflict between the two nations is the issue of migrant workers: millions of Indonesians work in Malaysia, often in low-paying and dangerous jobs, and there have been numerous reports of abuse and exploitation leading to public outrage in Indonesia and demands for greater protection of migrant workers’ rights (for instance, when a video surfaced in 2023 showing Malaysian immigration officials mistreating Indonesian migrant workers, which triggered widespread protests in Indonesia and calls for a boycott of Malaysian products).
Another source of conflict was a maritime boundary dispute concerning the Strait of Malacca and the South China Sea (which previously led to confrontations between naval vessels and fishing boats, and is connected to a larger issue of illegal fishing) however in 2023, both nations vowed to cooperate against European regulations that are likely to impact their economically pivotal palm oil industries, signing agreements to improve border crossings, strengthen trade, promote investment, and officially delineate territorial seas in parts of the Straits of Malacca and the Sulawesi Sea.
Despite these arguably minor challenges, the two main Muslim-majority countries maintain a healthy overall defense relationship – crucial in the geoplitical landscape of Southeast Asia, and particularly with reference to the rising threat of the Islamic State.
Over time, hacktivist and cybercriminal groups from both Malaysia and Indonesia have been involved in DDoS attacks and website defacements. Recently Indonesian hacktivists launched #OpMalaya, targeting government websites, educational institutions, and defacing websites with weak security practices, such as those of small organizations or startups. In retaliation, Malaysian hacktivists have begun striking back at Indonesia’s cyber landscape.
On Janaury 28, 2025, an Indonesian hacktivist group “Spider-x“ DDoSed a Malaysian military website, with another targeted the following day as ilustrated below:
Another Indonesian group by the name “IndoHaxSec“ – well-known on breachforums for leaks and data breaches – have also raised concerns by posting about shootings and made threats to conduct to cyber attack on Malaysia. Later that day, the group allegedly hacked the Malaysian Army Salary System and leaked usernames and passwords in the data dump.
The recent leaked data related to the Ministry of Home Affairs on BreachForums has raised concerns about cybersecurity. While the legitimacy of the leak has not been verified, its potential exposure to the public sparks questions about the government’s efforts to safeguard sensitive data against cyber threats.
On Janaury 30, 2025 Anohter group named “Hacktivist indonesia“ claimed to have defaced the Malaysian Highway Authority government website and posted message about the killing of indonesia migrant.
Several Indonesian groups, along with their allies, are actively targeting Malaysia’s cyberspace through DDoS attacks, data leaks, and website defacements. However, some of these groups are fake, repurposing and leaking old data while falsely claiming it as new.
In response to the Indonesian hacktivists’ attacks, Malaysian hacktivists have retaliated, taking the situation personally. Under the hashtag #OpsPaybackID, they have launched their own attacks on Indonesian websites, issuing warnings, defacing sites, and demanding that Indonesian hacktivists cease their assaults on Malaysian websites.
Monitoring hacktivist groups is crucial for cyber security. Both Malaysia and Indonesia should be vigilant of the following groups:
The following is a partial list of hacktivist groups involved in recent cyber operations:
Hacktivist Attacking Malaysia (#OPMALAY)
Hacktivist Attacking Indonesia (#OpsPaybackID)
We observed numerous Indonesian hacktivist groups uniting to attack Malaysian websites, while the number of Malaysian hacktivist groups remains comparatively smaller. Interestingly, these groups had previously collaborated in attacks on Israeli and Indian websites. However, a minor conflict led to a split, with both sides turning against each other, even going as far as doxxing members of opposing teams. This highlights a key lesson in the cyber world: never fully trust anyone.
