PETALING JAYA - Thirty-three Malaysian websites have been defaced as of 3.40pm yesterday, according to CyberSecurity Malaysia.
"The incident is real and we are investigating, monitoring and working closely with other agencies to mitigate it," said CyberSecurity Malaysia chief executive officer Datuk Dr Amirudin Abdul Wahab.
Some of the websites - blogs which are relatively unknown, and are not affiliated to any official body or large corporation - were defaced by the hacker group ExtremeCrew and featured the official souvenir booklet of the Kuala Lumpur SEA Games 2017, which erroneously carried the Indonesian flag upside down.
The group posted "Bendera Negaraku Bukanlah Mainan" - which translates to "My national flag is not a plaything" - on these websites, while the Indonesian patriotic song Tanah Air Beta played in the background.
Local courier Easyparcel.my was also a casualty although it seemed to be hit by a different hacker group later in the day.
Kuala Lumpur has since apologised to Jakarta for the flag error after the issue was raised by Indonesian Youth and Sports Minister Imam Nahrawi on Saturday.
Webpage defacement is one of the oldest attacks carried out by amateur hackers, says C.F. Fong, the founder of cybersecurity firm LGMS.
"Hackers can deface a website by exploiting loopholes that may exist in current web applications or the web server configurations," he said.
Professional hackers are less likely to deface websites - they tend to plant sleeping agents and steal information in the background without being detected.