Executive Summary
This Open Source Intelligence (OSINT) report provides a comprehensive analysis of the hacktivist group H3C4KEDZ, a Cambodia-based entity targeting Thai infrastructure as part of the #OpThailand operation. The report integrates evidence from network graphs generated by the stealth mole tool and Telegram channel data scraped from the "We_H3c4kedz1" channel, supplemented by additional data provided on August 13, 2025, at 09:31 PM IST. H3C4KEDZ is affiliated with the broader AnonSec-KH (Anonymous Cambodia) network and is known for high-profile breaches, including the exfiltration of 1.5 TB of data from Mahidol University. Their activities, driven by the Cambodia-Thailand border conflict, pose significant risks to Thai educational, governmental, and technological systems.
Methodology
- Data Sources: Network graphs from the stealth mole tool, Telegram channel data from "We_H3c4kedz1," and additional evidence provided on August 13, 2025. Analysis includes user IDs, message IDs, media paths, URLs, and geopolitical tags.
- Timeframe: Data is current as of 09:31 PM IST, August 13, 2025.
- Tools: Stealth mole tool for entity mapping; manual review of Telegram metadata and text content.
- Limitations: Media files (e.g., photos) are inaccessible; reliance on metadata and text for analysis.
Threat Actor Profile: H3C4KEDZ
- Confidence Level: High
- Attribution: Cambodian state-affiliated or nationalist hacktivist group
- Sophistication Level: Medium to High
- Operational Security: Moderate (public Telegram communications indicate lower OPSEC)
Collaborative Network
The group demonstrated extensive collaboration with multiple threat actors:
- BL4CKCYB3R (17 mentions) - Primary operational partner
- NXBBSEC (14 mentions) - Technical specialist group
- Cyber Volk - Strategic alliance partner
- K0LSec × NullSec Philippines - Regional expansion
- DigitalGhost - Latest alliance (August 2025)
- Indonesian cyber teams - Broad coalition building