IndoHaxSec is a hacktivist collective described in the provided content as pro-Palestinian and, in broader regional reporting, as a pro-Iran-aligned group operating from Indonesia. It is referenced as part of a globally distributed ecosystem of ideologically motivated hacktivist groups active in Middle East-related cyber operations, particularly those driven by the Israel-Palestine conflict. The content also characterizes IndoHaxSec as part of an expanding network. Reported activity in the provided content includes a March 18, 2026 claim that IndoHaxSec leaked 8.3 million Israeli voter records containing names, addresses, emails, phone numbers, geolocation, national ID numbers, and voter registration details. Another mention states that IndoHaxSec published what it described as 8.3 million Israeli residents’ records taken from general election results and framed the leak as support for Palestine and Iran. The content does not provide malware families or bespoke tooling tied to IndoHaxSec. It does, however, note the group’s use of Telegram for operational resilience: according to the cited reporting, IndoHaxSec uses Telegram as a backup system so followers can be redirected to new channels if a primary channel is banned. Known alias in the provided content: indohaxsec.
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Sectors the actor has been observed targeting.
Geographies tied to known operations.
Attributed origin per open-source reporting.
2 distinct techniques observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.
1 indicator attributed to this actor: domains, IPs, hashes, and other artifacts pulled from reporting. View more in app.
4 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Data-leak and defacement actor targeting Israeli civilian datasets and occasional US commercial websites for visibility and propaganda impact.
Uses Telegram channels as resilient infrastructure for cybercrime community presence and continuity (rapid channel migration when banned).
Pro-Iran hacktivist group operating from Indonesia as part of Iran’s globalized recruitment ecosystem.
Described as a pro-Palestinian hacktivist collective with an expanding network.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.