Uptime Hamster: 0d 0h 0mDeploy: 5 Jul 2026 10:25Updated: 2026-07-10

StealthMole: We traced the threat actor behind the defacement of Malaysia's Ministry of Health (MOH) website. Our investigation found that the actor has been active on Telegram since 2024, participating in multiple channels related to hacking forums, web shells, spam, hacking tools, and data leaks.

Fecha
29 Jun 2026
Actor
stealthmole_int
Tipo
Breach
Pais
Malaysia
Sector
Health
Confianza
high
60
Prioridad analitica
Media

Basado en actor, pais, IOCs, TTPs, filtracion y calidad de contexto.

2IOCs
0TTPs
stealthmole_intActor
MalaysiaPais
Executive Summary
StealthMole cyber threat intelligence on ransomware, data leaks and criminal underground ecosystems.

Key Points

  • Tweet original en X
  • Perfil de @stealthmole_int

We traced the threat actor behind the defacement of Malaysia's Ministry of Health (MOH) website. Our investigation found that the actor has been active on Telegram since 2024, participating in multiple channels related to hacking forums, web shells, spam, hacking tools, and data leaks.

StealthMole cyber threat intelligence on ransomware, data leaks and criminal underground ecosystems.


We traced the threat actor behind the defacement of Malaysia's Ministry of Health (MOH) website. Our investigation found that the actor has been active on Telegram since 2024, participating in multiple channels related to hacking forums, web shells, spam, hacking tools, and data leaks. We also observed that the actor changed usernames multiple times before recently adopting the alias "Mushr00w." In addition, we identified past messages in which the actor used Turkish in a data leak tool channel, providing another potential lead for attribution. The Star (@staronline) The National Cyber Security Agency (Nacsa) says that several government websites, including those of the Health Ministry (MOH), Malaysia Co-operative Societies Commis­sion, Handicraft Development Corporation, and Women’s Development Department, have been hacked. f.mtr.cool/nfkjgsbebc Link Govt websites hacked, says Nacsa PETALING JAYA: The National Cyber Security Agency (Nacsa) says that several government websites, including those of the Health Ministry (MOH), Malaysia Co-operative Societies Commis­sion, Handicraft... thestar.com.my — https://nitter.net/staronline/status/2071031916619325842#m

StealthMole: We traced the threat actor behind the defacement of Malaysia's Ministry of Health (MOH) website. Our investigation found that the actor has been active on Telegram since 2024, participating in multiple channels related to hacking forums, web shells, spam, hacking tools, and data leaks.

StealthMole: We traced the threat actor behind the defacement of Malaysia's Ministry of Health (MOH) website. Our investigation found that the actor has been active on Telegram since 2024, participating in multiple channels related to hacking forums, web shells, spam, hacking tools, and data leaks.


Referencias

Diamond Model

Adversary
stealthmole_int
Ver perfil →
Victim
StealthMole: We traced the threat actor behind the defacement of Malaysia's Ministry of Health (MOH) website. Our investigation found that the actor has been active on Telegram since 2024, participating in multiple channels related to hacking forums, web shells, spam, hacking tools, and data leaks.
Malaysia
Capability
Breach
Infrastructure
f.mtr.cool
thestar.com.my

Indicadores de Compromiso (IOCs)

TipoValorContextoOSINT
domain f.mtr.cool observed in tweet VT OffSec SOCRadar
domain thestar.com.my observed in tweet VT OffSec SOCRadar

Referencias y enlaces

→ Perfil del actor stealthmole_int en el blog → Ver stealthmole_int en IntelTracker → URL IntelTracker: nitter.net→ URL IntelTracker: x.com → Fuente OSINT: nitter.net→ Fuente OSINT: x.com → Buscar stealthmole_int en APTTrail → Repositorio APTTrail → Mas incidentes en Malaysia → Buscar en Google News → Analizar en VirusTotal → Feed RSS del blog
← Volver al panel de inteligencia

Incidentes recientes