📌 Overview
This report presents a continued and in-depth profile of an emerging underground cyber actor operating under the alias SukaLebok06, affiliated with the Indonesian hacktivist collective Sunda Cyber. Leveraging the investigative capabilities of the StealthMole platform, this profile aggregates intelligence from leaked databases, Telegram and dark web activity, and open-source intelligence (OSINT), building on the findings published in our prior report:
In the original report, SukaLebok06 claimed responsibility for leaking 7.6 GB of Indian government data, which contained Aadhaar numbers, names, emails, and other sensitive citizen details. This follow-up profile aims to explore his broader digital footprint, recurring behavioral patterns, and affiliations with cyber collectives such as Sunda Cyber, while also assessing potential identity traces, motivation, and threat level. Although some chatter links him to other cybercrime groups in Southeast Asia, this report focuses exclusively on the identity and operations directly attributable to SukaLebok06, supported by cross-platform activity and digital artifacts uncovered via Stealth Mole.
🧭 Investigation Trail
After publishing the initial report, cybersecurity professional Vishal commented on a potential link between the threat actor and a suspicious AI-based malware platform called PentryzaAI, asking whether this could have been involved in the breach.

That prompted a deeper dive into the PentryzaAI ecosystem, specifically targeting user activity, development aliases, and digital cross-linking. I discovered that a LinkedIn profile—seemingly contributing to PentryzaAI—was using a handle that matched previous activity by SukaLebok06.

Pivoting from this LinkedIn username led to additional trails across Hugging Face, Scribd, and other publicly indexed sites.
🧍♂️ Real-World Identity Trace
From the LinkedIn handle, I pivoted into public search engines and cross-referenced the name, eventually leading to clear matches pointing toward a real-world individual.

📍 Identity Summary
- Name:
Fa*** A***** W******a - Location:
Bandung, West Java, Indonesia - Age: Approx. 16–17 years (Based on grade-level documents and school enrollment)
- Academic Background: Enrolled in XI RPL (Software & Game Development) at SMK BPP Bandung

🔎 Using the real name and documents indexed on Scribd, I found a PPT project titled “Laporan Hasil Penjualan Kue Lebaran (Cake Sales Report for Lebaran)” published under the alias SukaLebok06, suggesting direct name-to-handle linkage.

📱 Instagram & Public Digital Artifacts
Through the StealthMole platform, I discovered a personal Instagram handle connected to the same individual, partially obfuscated as fa***.**7.

One particular post stood out — a welcome message shared during orientation at SMK BPP Bandung for PLS 2023, signed with the same name that appeared on Scribd, LinkedIn, and internal school documents.
📝 Instagram Caption (Translated from Bahasa Indonesia):
✨[I'M Ready For PLS 2023 SMK BPP Bandung]✨
Hello everyone! 👋🏻
Welcome to SMK BPP! Get ready to discover your talents, explore your interests, and become the best version of yourself!
I am Fa*** A***** W******a, a participant in PLS from the Software and Game Development program at SMPN 40 Bandung. I am ready to take part in PLS 2023 and to be active, creative, and innovative during the School Environment Introduction.
"If life is like a canvas, then you are the brush."
SMK BPP Bandung is ready to succeed in PLS 2023.


Since the release of our July 18 report, the threat actor appears to have reacted to the exposure.
🔁 Telegram Handle Changed:
From @SukaLebok06 ➜ to @suka***t — A classic operational security tactic to evade further OSINT monitoring after being publicly identified.

🧠 Conclusion
The evolving digital fingerprint of SukaLebok06 paints a picture of a young, technically savvy, but operationally immature cyber actor deeply rooted in Indonesian hacktivist culture. Despite their age, their activities pose legitimate risks to public sector data infrastructure across South Asia. The convergence of AI experimentation, hacktivist ideology, and underground tooling (like PentryzaAI) signals a rising generation of threat actors born into digital warfare.
This investigation not only highlights the power of OSINT and StealthMole’s data fusion capabilities but also demonstrates how cyber attribution is achievable even when the threat actor operates behind pseudonyms — especially when their online vanity trails are not properly sanitized.
Editorial Note
While every effort has been made to ensure the accuracy and integrity of this report, it is important to recognize that cyber attribution is inherently probabilistic. The correlations and identity traces presented here are based on open-source intelligence (OSINT) and data derived from the StealthMole platform, including Dark Web Trackers, Telegram monitors, the ULP Binder, and Compromised Data Sets. However, attribution in cybersecurity investigations can never be asserted with absolute certainty, especially when dealing with pseudonymous threat actors.
The primary intent of this report is not solely attribution, but rather to demonstrate the analytical depth and cross-platform correlation capabilities offered by StealthMole. Through its integrated toolsets, the platform empowers independent researchers and analysts to uncover hidden connections across fragmented data — from leaked credentials to behavioral patterns — and convert them into actionable threat intelligence.
For access to the full unmasked report or additional investigation materials, please reach out to us privately through a secure communication channel.