| Stucx Team | |
|---|---|
| Location | Malaysia |
| Date of Initial Activity | 2023 |
| Suspected Attribution | Hacktivists |
| Motivation | Hacktivism |
| Software | Website |
Overview
The Stucx Team is a Malaysian hacktivist group that has been active since at least March 2023. Initially, the group focused on launching distributed denial-of-service (DDoS) attacks against Indian entities, reflecting their strong political stance and willingness to use cyberattacks as a tool to express ideological beliefs. The Stucx Team’s early operations were marked by a strategic approach, targeting critical sectors in India, such as government organizations and businesses, to disrupt their operations and raise awareness about their cause.
However, the group’s focus evolved as global geopolitical events shifted. Following the onset of the Israel-Hamas conflict on October 7, 2023, the Stucx Team redirected its efforts toward Israeli organizations, carrying out a series of cyberattacks, including high-profile DDoS campaigns. The group’s rapid shift in targets highlights their responsiveness to real-time global political developments and their adaptability in leveraging cyber tactics to further their agenda.
Common targets
Sectors
Information
Public Administration
Retail Trade
Countries
France
India
Israel
Attack Vectors
Web Browsing
How they operate
DDoS Attacks
One of the core tactics used by Stucx Team is DDoS attacks. These attacks overwhelm a target’s servers with an excessive volume of traffic, making the service unavailable to legitimate users. To carry out these attacks, the group may leverage botnets, networks of compromised devices, to generate massive amounts of traffic. The group’s ability to launch sustained DDoS attacks on targets—particularly critical infrastructure—demonstrates their proficiency in causing widespread disruption. In addition to traditional DDoS techniques, Stucx Team may also use more sophisticated methods, such as amplification attacks, which abuse internet services that answer small requests with much larger responses so that the traffic reaching the target is a multiple of what the attacker sends.
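The following is an added defender-side example, not code from the original page or from any tool attributed to the group. It shows how the two DDoS patterns described above (a volumetric flood, and reflection-style amplification arriving from well-known reflector source ports) can be flagged in flow records. The flow line format, the reflector port watchlist, the per-destination packet-rate baselines and the sample records are all constructed assumptions for the example.

```python
"""Detect volumetric and reflection-style DDoS indicators in flow records.

Added example (not from the original page). Records are constructed in a
simplified "ts src:sport dst:dport proto packets" format, which is an
assumption, not a real NetFlow/IPFIX layout.
"""
from collections import defaultdict
from dataclasses import dataclass

# Source ports commonly abused as UDP reflectors (DNS, NTP, CLDAP, SSDP,
# memcached). Assumption: a defender's watchlist, not the page's content.
REFLECTOR_PORTS = {53, 123, 389, 1900, 11211}

# Constructed per-destination baseline in packets per second.
BASELINE_PPS = {"203.0.113.10": 50, "203.0.113.20": 30}

# Constructed flow records: five reflectors hit 203.0.113.10 in one second,
# a sixth in the next second; 203.0.113.20 only sees normal TCP traffic.
SAMPLE_FLOWS = """\
1700000000 198.51.100.7:53 203.0.113.10:443 UDP 400
1700000000 198.51.100.8:53 203.0.113.10:443 UDP 380
1700000000 198.51.100.9:123 203.0.113.10:443 UDP 420
1700000000 198.51.100.10:1900 203.0.113.10:443 UDP 390
1700000000 198.51.100.11:389 203.0.113.10:443 UDP 410
1700000001 198.51.100.12:53 203.0.113.10:443 UDP 500
1700000000 192.0.2.5:51234 203.0.113.20:443 TCP 12
1700000001 192.0.2.6:51235 203.0.113.20:443 TCP 9
"""


@dataclass(frozen=True)
class Flow:
    ts: int
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    packets: int


def parse_flow(line: str) -> Flow:
    """Parse one constructed flow line into a Flow record."""
    ts, s, d, proto, packets = line.split()
    src, sport = s.rsplit(":", 1)
    dst, dport = d.rsplit(":", 1)
    return Flow(int(ts), src, int(sport), dst, int(dport), proto.upper(), int(packets))


def analyse(flows, baseline_pps, threshold=10.0, min_sources=5):
    """Return {dst: [finding, ...]} for destinations showing DDoS indicators.

    volumetric: peak packets/second >= threshold * the destination's baseline
    reflection: UDP from reflector source ports via >= min_sources distinct IPs
    """
    per_second = defaultdict(lambda: defaultdict(int))  # dst -> ts -> packets
    reflector_sources = defaultdict(set)                 # dst -> {src}
    for f in flows:
        per_second[f.dst][f.ts] += f.packets
        if f.proto == "UDP" and f.sport in REFLECTOR_PORTS:
            reflector_sources[f.dst].add(f.src)

    findings = defaultdict(list)
    for dst, counts in per_second.items():
        peak = max(counts.values())
        base = baseline_pps.get(dst, 1)
        if peak >= threshold * base:
            findings[dst].append(
                f"volumetric: peak {peak} pps vs baseline {base} ({peak / base:.0f}x)"
            )
    for dst, sources in reflector_sources.items():
        if len(sources) >= min_sources:
            findings[dst].append(
                f"reflection: UDP from reflector ports via {len(sources)} distinct sources"
            )
    return dict(findings)


def run_sample():
    """Analyse the constructed sample; returns the findings dict."""
    flows = [parse_flow(line) for line in SAMPLE_FLOWS.splitlines()]
    return analyse(flows, BASELINE_PPS)


if __name__ == "__main__":
    for dst, items in run_sample().items():
        for item in items:
            print(f"{dst}: {item}")
```

Both checks are deliberately cheap so they can run on an edge router's flow export; the reflection check in particular is useful because it keys on the source port, which an attacker spoofing the victim's address cannot hide. The thresholds are starting points and should be tuned against the destination's real baseline before alerting on them.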
Website Defacement
Alongside DDoS attacks, the Stucx Team frequently engages in website defacement campaigns. This tactic involves altering the content of a target website to display messages that align with their political or ideological views. The group generally gains unauthorized access to a target’s website by exploiting vulnerabilities in web applications or Content Management Systems (CMS). Stucx Team has been known to target various website platforms by leveraging SQL injection, cross-site scripting (XSS), and unpatched security flaws in plugins or scripts. Once the attackers successfully breach the site, they replace the content with politically charged messages, often with the goal of drawing attention to their cause.
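Because defacement replaces visible page content, the fastest way for a site owner to notice it is an integrity monitor that compares each page against a known-good snapshot. The following is an added example written for this page, not code from the original page or from any group or project it mentions. The HTML snapshots, the volatile-field rules (a CSRF token and a timestamp that legitimately change between fetches) and the marker phrase watchlist are constructed assumptions.

```python
"""Page-integrity monitor for detecting website defacement.

Added example (not from the original page). It compares a live snapshot of
a page against a stored baseline after normalising away fields that change
on every legitimate request, and reports three kinds of drift: content hash,
<title>, and newly introduced defacement marker phrases.
"""
import hashlib
import re

# Phrases typically left on defaced pages. Assumption: a monitoring watchlist.
DEFACEMENT_MARKERS = ("hacked by", "owned by", "defaced by")

# Constructed known-good snapshot of the page.
BASELINE_HTML = """<html><head><title>Example Corp - Home</title></head>
<body><input type="hidden" name="csrf_token" value="a1b2c3">
<h1>Welcome to Example Corp</h1><p>Generated 2024-01-05 10:00:00</p>
</body></html>"""

# Constructed legitimate re-fetch: only the token and timestamp differ.
BENIGN_UPDATE_HTML = """<html><head><title>Example Corp - Home</title></head>
<body><input type="hidden" name="csrf_token" value="z9y8x7">
<h1>Welcome to Example Corp</h1><p>Generated 2024-01-06 10:00:00</p>
</body></html>"""

# Constructed defaced snapshot: title and body replaced.
DEFACED_HTML = """<html><head><title>HACKED</title></head>
<body><h1>Hacked by ExampleCrew</h1><p>Generated 2024-01-06 10:05:00</p>
</body></html>"""


def normalize(html: str) -> str:
    """Blank out fields that legitimately change between fetches (assumed rules)."""
    html = re.sub(r'name="csrf_token" value="[^"]*"', 'name="csrf_token" value=""', html)
    html = re.sub(r"\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}:\d{2}", "TIMESTAMP", html)
    return re.sub(r"\s+", " ", html).strip()


def fingerprint(html: str) -> str:
    """SHA-256 of the normalised page, the value a monitor would store per URL."""
    return hashlib.sha256(normalize(html).encode("utf-8")).hexdigest()


def title_of(html: str) -> str:
    match = re.search(r"<title>(.*?)</title>", html, re.IGNORECASE | re.DOTALL)
    return match.group(1).strip() if match else ""


def visible_text(html: str) -> str:
    """Crude tag stripping; enough for marker matching on small pages."""
    return re.sub(r"<[^>]+>", " ", html).lower()


def check_page(baseline_html: str, current_html: str) -> list:
    """Return a list of human-readable findings; empty means no drift detected."""
    findings = []
    if fingerprint(current_html) != fingerprint(baseline_html):
        findings.append("content hash changed")
    old_title, new_title = title_of(baseline_html), title_of(current_html)
    if old_title != new_title:
        findings.append(f"title changed: {old_title!r} -> {new_title!r}")
    old_text, new_text = visible_text(baseline_html), visible_text(current_html)
    for marker in DEFACEMENT_MARKERS:
        if marker in new_text and marker not in old_text:
            findings.append(f"defacement marker introduced: {marker!r}")
    return findings


if __name__ == "__main__":
    print("benign:", check_page(BASELINE_HTML, BENIGN_UPDATE_HTML))
    print("defaced:", check_page(BASELINE_HTML, DEFACED_HTML))
```

In practice the monitor fetches each page on a schedule from outside the hosting network, stores the fingerprint and title per URL, and pages the on-call team when `check_page` returns anything; the hash check catches arbitrary changes, while the title and marker checks give an analyst an immediate hint that the change is a defacement rather than a routine deployment.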
Target Selection and Tactics
Stucx Team’s selection of targets is highly strategic, driven by geopolitical events and their own ideological goals. For instance, during the Israel-Hamas conflict, the group redirected its operations to target Israeli organizations, emphasizing its politically motivated nature. In these attacks, Stucx Team often focuses on sectors such as government websites, media platforms, and corporate entities that hold significance in the targeted region. Their DDoS attacks and defacements are carefully coordinated, typically beginning with a public announcement on encrypted communication channels such as Telegram, where the group calls for others to join their cause and amplify the attacks.
Operational Coordination
Stucx Team’s operations also benefit from tight coordination among its members, leveraging secure communication platforms and distributed decision-making processes. Given the group’s evolving objectives and their active participation in global political movements, the Telegram channels used by the group serve as a hub for both command-and-control (C2) operations and recruitment. These channels enable the group to quickly mobilize resources, share tools, and distribute new instructions for ongoing operations. This decentralized structure allows the group to act quickly, launching a campaign in response to real-time events and maintaining operational security.