✅ Report Title: Quick Overview of CLOBELSECTEAM: #OpJapan Campaign
✅ Executive Summary:
- CLOBELSECTEAM, a hacktivist group that emerged in June 2025, claims cyberattacks against government, military, aviation, and energy sectors, engaging in data sales and exposure of sensitive documents.
- Since October 2025, the group intensified operations against Japan by forwarding #OpJapan campaign messages initiated by allied group هێزی ڕەش (@HeziRashNW).
- The campaign was presented as a response to alleged discrimination against Kurdish Muslim immigrants in Japan.
- Analysis of disclosed samples showed many items were publicly available via Google search, suggesting possible exaggeration of breach claims.
📌 Who Is CLOBELSECTEAM?
- Name: CLOBELSECTEAM
- Operators: ClayOxtymus1337, ResideLocker
- Type: Hacktivist
- Purpose: Financial extortion through alleged data breaches and hacking claims
- Headquarters: China (Russia, North Korea, Vietnam)
- Language: Chinese, Russian, English
- Targeted Countries: Japan, United States, France, Italy, United Kingdom, Ukraine, Indonesia, etc.
- CLOBELSECTEAM, which emerged in June 2025, operates under the slogan “Hacking for justice is a very interesting thing 🇷🇺🇨🇳🇰🇵🇻🇳,” symbolizing its so-called ideological justification for cyberattacks.
- The administrators are known as @ClayOxtymus1337 and @ResideLocker, with core members including @petrush4x0r and @CLOBELSECTEAM.
- The group primarily operates on its Telegram channel but is also active on major dark web forums (DarkForums, Breachforums) and various social media platforms such as Twitter and Instagram.
📌 Background And Motivation Behind The #OpJapan Campaign
- (2025-10-01) CLOBELSECTEAM began forwarding #OpJapan Telegram messages from allied group هێزی ڕەش (Black Force), marking the start of operations targeting Japan.
- (2025-10-02) The group declared intent to hack Japanese systems in retaliation for protests related to deportation of Kurdish immigrants.
- (2025-10-22) The group justified attacks by citing discrimination against Muslims in Japan and threatened to continue Operation System Japan until policy changes occur.
📌 Operation Japan Campaign – Key Timeline
| Date | Key Activity |
|---|---|
| 2025-09-21 | Created Telegram channel "CLOBELSECTEAM WORLD" |
| 2025-10-01 | Initiated cyberattacks under #OpJapan campaign |
| 2025-10-02 | Claimed breach of Japanese nuclear fusion research facilities and data leaks |
| 2025-10-07 | Claimed to sell data allegedly stolen from Microsoft Japan and other IT companies |
| 2025-10-08 | Announced alliance with Hezi Rash group |
| 2025-10-22–29 | Claimed data leaks from Japanese government, defense, healthcare, and research institutions |
| 2025-10-30 | Announced plans to deploy ResideLocker malware for disruption in Japan |
📌 Analysis Of Major Operation Japan Activities
1) Claimed Breach Of Japanese Nuclear Research Facilities (2025-10-02)
- The group alleged it accessed documents related to Accelerator-Driven System (ADS), International Thermonuclear Experimental Reactor (ITER), and JT-60SA.
- Disclosed samples were verified as publicly available documents retrievable through Google search.
2) Claimed Data Theft And Sale Of Microsoft Japan, BIGLOBE, Pikara (STNet), And IDC Frontier (2025-10-07)
- CLOBELSECTEAM claimed to have used ResideLocker malware and announced data sales priced at 1,500 to 3,000 USD.
3) Claimed Leak Of Japanese Government And Research Documents (2025-10-29)
- The group asserted exfiltration of materials from multiple government, defense, energy, and research institutions; most materials were confirmed as open-source or publicly accessible.
✅ Recommended Threat Detection And Mitigation Actions:
- Please refer to the link below for detailed analysis and response plans for each case.
🧑💻 Report Author: S2W TALON
👉 Contact us: https://s2w.inc/en/contact
*The full report is available upon request and for QUAXAR subscribers.