Stucx Team (Hacktivists) – Threat Actor

February 16, 2025
Stucx Team

Location: Malaysia

Date of Initial Activity: 2023

Suspected Attribution: Hacktivists

Motivation: Hacktivism

Software

Website

Overview

The Stucx Team is a Malaysian hacktivist group that has been active since at least March 2023. Initially, the group focused on launching distributed denial-of-service (DDoS) attacks against Indian entities, reflecting their strong political stance and willingness to use cyberattacks as a tool to express ideological beliefs. The Stucx Team’s early operations were marked by a strategic approach, targeting critical sectors in India, such as government organizations and businesses, to disrupt their operations and raise awareness about their cause. However, the group’s focus evolved as global geopolitical events shifted. Following the onset of the Israel-Hamas conflict on October 7, 2023, the Stucx Team redirected its efforts toward Israeli organizations, carrying out a series of cyberattacks, including high-profile DDoS campaigns. The group’s rapid shift in targets highlights their responsiveness to real-time global political developments and their adaptability in leveraging cyber tactics to further their agenda.

Common targets

  • Information
  • Public Administration
  • Retail Trade
  • France
  • India
  • Israel

Attack Vectors: Web Browsing

How they operate

DDoS Attacks

DDoS attacks are one of the core tactics used by Stucx Team. These attacks overwhelm a target’s servers with an excessive volume of traffic, making the service unavailable to legitimate users. To carry out these attacks, the group may leverage botnets, networks of compromised devices, to generate massive amounts of traffic. The group’s ability to launch sustained DDoS attacks on targets, particularly critical infrastructure, demonstrates their proficiency in causing widespread disruption. In addition to traditional DDoS techniques, Stucx Team may also utilize more sophisticated methods, such as amplification attacks, which exploit the characteristics of certain internet services to multiply the traffic directed at a target.

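
For defenders, reflected amplification traffic has a recognizable shape in flow data: many distinct sources answering from well-known UDP service ports toward one destination. The sketch below is an added example, not part of the original profile; the flow-record layout, the thresholds and all function names are assumptions, and the sample records are constructed using documentation address ranges.

```python
from collections import defaultdict

# UDP services commonly abused as reflectors, keyed by the source port of the reply.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 389: "CLDAP", 1900: "SSDP", 11211: "memcached"}

# Constructed flow records: "src_ip src_port dst_ip dst_port proto bytes"
SAMPLE_FLOWS = """\
198.51.100.10 123 203.0.113.5 40211 udp 468000
198.51.100.11 123 203.0.113.5 40211 udp 452000
198.51.100.12 123 203.0.113.5 51873 udp 471000
198.51.100.13 53 203.0.113.5 51873 udp 390000
192.0.2.44 53 203.0.113.9 33012 udp 512
192.0.2.80 51544 203.0.113.5 443 tcp 18000
"""

def parse_flows(text):
    """Yield (src, sport, dst, dport, proto, bytes) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        src, sport, dst, dport, proto, nbytes = parts
        yield src, int(sport), dst, int(dport), proto.lower(), int(nbytes)

def find_amplification_victims(text, min_bytes=1_000_000, min_sources=3):
    """Return destinations receiving heavy UDP replies from many distinct reflectors.

    min_bytes and min_sources are assumed tuning values for one aggregation window.
    """
    stats = defaultdict(lambda: {"bytes": 0, "sources": set(), "services": set()})
    for src, sport, dst, _dport, proto, nbytes in parse_flows(text):
        if proto == "udp" and sport in REFLECTOR_PORTS:
            entry = stats[dst]
            entry["bytes"] += nbytes
            entry["sources"].add(src)
            entry["services"].add(REFLECTOR_PORTS[sport])
    return {
        dst: {"bytes": e["bytes"], "sources": len(e["sources"]),
              "services": sorted(e["services"])}
        for dst, e in stats.items()
        if e["bytes"] >= min_bytes and len(e["sources"]) >= min_sources
    }

if __name__ == "__main__":
    for victim, info in find_amplification_victims(SAMPLE_FLOWS).items():
        print(victim, info)
```

A single legitimate DNS reply (the 512-byte record) and ordinary TCP traffic stay below the thresholds, so only the host receiving replies from several reflectors is reported.
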
Website Defacement

Alongside DDoS attacks, the Stucx Team frequently engages in website defacement campaigns. This tactic involves altering the content of a target website to display messages that align with their political or ideological views. The group generally gains unauthorized access to a target’s website by exploiting vulnerabilities in web applications or Content Management Systems (CMS). Stucx Team has been known to target various website platforms by leveraging SQL injection, cross-site scripting (XSS), and unpatched security flaws in plugins or scripts. Once the attackers successfully breach the site, they replace the content with politically charged messages, often with the goal of drawing attention to their cause.

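
Because a defacement replaces most of a page's visible content, it can be caught by comparing each fetch of the page against an approved baseline while tolerating routine edits. The monitor below is an added example, not code from the original profile; the class and function names, the similarity threshold and the sample pages are all constructed for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser

# Constructed sample pages (not taken from any real site or incident).
BASELINE = ("<html><head><title>City Council</title></head><body><h1>Welcome</h1>"
            "<p>Council meetings are held every Monday at the town hall.</p>"
            "<p>Contact the clerk for permits.</p></body></html>")
UPDATED = BASELINE.replace("Monday", "Tuesday")  # routine content edit
DEFACED = ("<html><head><title>Hacked</title></head><body><h1>Hacked by EXAMPLE-GROUP</h1>"
           "<p>Constructed placeholder message.</p></body></html>")

class TextExtractor(HTMLParser):
    """Collects the <title> and visible words, skipping script/style bodies."""
    def __init__(self):
        super().__init__()
        self.title, self.words, self._stack = "", [], []
    def handle_starttag(self, tag, attrs):
        self._stack.append(tag)
    def handle_endtag(self, tag):
        while tag in self._stack and self._stack.pop() != tag:  # unwind unclosed/void tags
            pass
    def handle_data(self, data):
        if any(t in ("script", "style") for t in self._stack):
            return
        if self._stack and self._stack[-1] == "title":
            self.title += data.strip()
        else:
            self.words.extend(data.split())

def snapshot(html):
    parser = TextExtractor()
    parser.feed(html)
    return parser.title, parser.words

def check_defacement(baseline_html, current_html, min_similarity=0.6):
    """Compare a page to its approved baseline; min_similarity is an assumed tuning value."""
    base_title, base_words = snapshot(baseline_html)
    cur_title, cur_words = snapshot(current_html)
    similarity = SequenceMatcher(None, base_words, cur_words).ratio()
    reasons = []
    if cur_title != base_title:
        reasons.append("title changed")
    if similarity < min_similarity:
        reasons.append("visible text replaced")
    return {"similarity": round(similarity, 2), "reasons": reasons, "alert": bool(reasons)}

if __name__ == "__main__":
    print(check_defacement(BASELINE, UPDATED))
    print(check_defacement(BASELINE, DEFACED))
```
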
Target Selection and Tactics

Stucx Team’s selection of targets is highly strategic, driven by geopolitical events and their own ideological goals. For instance, during the Israel-Hamas conflict, the group redirected its operations to target Israeli organizations, emphasizing its politically motivated nature. In these attacks, Stucx Team often focuses on sectors such as government websites, media platforms, and corporate entities that hold significance in the targeted region. Their DDoS attacks and defacements are carefully coordinated, typically beginning with a public announcement on encrypted communication channels such as Telegram, where the group calls for others to join their cause and amplify the attacks.

Operational Coordination

Stucx Team’s operations also benefit from tight coordination among its members, leveraging secure communication platforms and distributed decision-making processes. Given the group’s evolving objectives and their active participation in global political movements, the Telegram channels used by the group serve as a hub for both command-and-control (C2) operations and recruitment. These channels enable the group to quickly mobilize resources, share tools, and distribute new instructions for ongoing operations. This decentralized structure allows the group to act quickly, launching a campaign in response to real-time events and maintaining operational security.