SiegedSec

Nickname: "Gay Furry Hackers"
Formation: April 2022
Dissolved: July 2024
Type: Cybercrime gang
Purpose: Hacktivism
Region: International
Methods: Hacking
Membership: "vio", "Kry", "Kittyhawk"
Official language: English
Leader: "vio"

SiegedSec, short for Sieged Security and commonly self-described as the "Gay Furry Hackers", [1] [2] was a black-hat cyberterrorist [3] group [4] [5] [2] formed in early 2022 that committed a number of high-profile cyber attacks, including attacks on NATO, [4] [5] [6] Idaho National Laboratory, [1] [2] and Real America's Voice. [7] [8] On July 10, 2024, after attacking The Heritage Foundation, the group announced that they would be disbanding in an effort to avoid closer scrutiny. [9]

Description

SiegedSec was led by an individual under the alias "vio". [10] The group's name is short for "Sieged Security". [11] [12] [13] Its Telegram channel was first created in April 2022, [14] and its members commonly referred to themselves as "gay furry hackers". [15] [16] SiegedSec targeted a wide variety of organisations, ranging from intergovernmental organisations like NATO [4] [5] and federal research facilities like the Idaho National Laboratory [1] [2] to right-wing movements like The Heritage Foundation [17] [18] and Real America's Voice, [19] and various U.S. states that have pursued legislative decisions against gender-affirming care. [20]

Notable attacks

Atlassian

On February 14, 2023, major Australian software provider Atlassian had its data leaked on the internet by SiegedSec using stolen employee credentials. 13,000 employee records were affected in this hack, and SiegedSec was also able to obtain floorplans for Atlassian offices. [21]

#OpTransRights movements

In June 2023, SiegedSec targeted several United States government entities to protest anti–gender-affirming-care bills. The hackers released a variety of data, including data from the government of Fort Worth, Texas, the Nebraska Supreme Court, and South Carolina police files. [20]

In April and May 2024, SiegedSec began their second trans rights operation, #OpTransRights2. The hackers successfully targeted and leaked data from Real America's Voice [7] [8] and River Valley Church. [22]

University of Connecticut

In July 2023, SiegedSec sent a series of spoof emails to undergraduate University of Connecticut students using LISTSERV, falsely announcing the "Unfortunate Passing of Radenka Maric". During an interview with the Hartford Courant, "vio" claimed responsibility for the incident, explained the vulnerability that allowed them to perform the hack, and said that they "did it for the lulz". [10]

NATO

In 2023, NATO portals were compromised twice by SiegedSec. The leak totalled over 3000 internal documents. [23] [4] [5] [6] The portals compromised were Joint Advanced Distributed Learning, NATO Lessons Learned Portal, Logistics Network Portal, Communities of Interest Cooperation Portal, NATO Investment Division Portal, and NATO Standardization Office. [24] Shortly after the incident, NATO announced that they would be investigating the attack. [25] [26]

Bezeq

On October 30, 2023, SiegedSec attacked Bezeq, one of the largest Israeli telecommunication providers. The hackers released information on nearly 50,000 customers. [27]

Idaho National Laboratory

In November 2023, Idaho National Laboratory's Oracle HR system was compromised leading to the leaking of personal employee data, [28] with the group demanding that the laboratory put research into "creating real-life catgirls" in exchange for the data to be removed. [12] On February 7, 2024, a number of employees received ransom payment requests in the mail with their data. [29]

The Heritage Foundation

In July 2024, SiegedSec announced that they had breached and leaked data from conservative think tank The Heritage Foundation, which has led the Project 2025 proposals. They released a statement on Telegram, calling the proposals "an authoritarian Christian nationalist plan to reform the United States government." [16] A Heritage spokesperson dismissed the attacks as "a false narrative and an exaggeration", stating that all databases, systems and websites remained secure. [30] [31] The hacking group released chatlogs of a conversation on Signal between "vio" and Heritage Foundation executive Mike Howell, in which Howell stated that he, in collaboration with the FBI, was "in the process of identifying and outting [ sic ] members of your group."

Research papers referencing SiegedSec

United Nations Office of Counter-Terrorism

In mid-2024, a paper released by the United Nations Office of Counter-Terrorism referenced SiegedSec along with GhostSec and Anonymous Sudan. [3]

Collaborations

Anonymous Sudan

On November 8th 2023, SiegedSec collaborated with Anonymous Sudan on a claimed breach of Israeli telecommunications company Cellcom in an operation against Israel during the Gaza–Israel conflict. [32]

On November 14th 2023, SiegedSec and Anonymous Sudan posted a claimed attack on critical infrastructure (including BACnet and global navigation satellite system devices) within Israel, in the same operation against Israel. [33]

Five Families

In August 2023, an alliance of hacking groups was founded, consisting of SiegedSec, Ghost Security, BlackForums, ThreatSec, and Stormous Ransomware. [34] This alliance went on to claim multiple breaches until eventual inactivity.[ citation needed ]

ByteMeCrew

In December 2023, SiegedSec announced a partnership with hacktivist group ByteMeCrew, claiming a breach against stalkerware app TheTruthSpy. The two groups worked with Maia arson crimew to report on the breach as part of an ongoing effort against stalkerware. [35] [36] SiegedSec and ByteMeCrew continued claiming breaches until ByteMeCrew's disbandment.[ citation needed ]

KittenSec

SiegedSec collaborated with hacktivist group KittenSec, sharing both "lulz" and anti-NATO motives during attacks on Romania, Greece, France, Chile, Panama, and Italy. [37] [38]

Disbandment

After releasing the Heritage Foundation chatlogs, SiegedSec announced that they would be disbanding "for our own mental health, the stress of mass publicity, and to avoid the eye of the FBI." [39]

Investigations

Following the Idaho National Laboratory attack, it was announced that the FBI as well as the Cybersecurity and Infrastructure Security Agency had been contacted to help investigate the incident. [40]

After a claimed hack, NATO announced it was investigating claims of a data breach on its infrastructure. A NATO official claimed no impact on missions, operations, or military deployments, yet additional cyber security measures were taken to improve security. [41]

References

  1. Rich Stanton (2023-11-23). "Self-described gay furry hackers breach one of the biggest nuclear labs in the US, and demand it begin researching 'IRL catgirls'". PC Gamer. Archived from the original on 2024-05-01. Retrieved 2024-05-01.
  2. "Self-proclaimed 'gay furry hackers' breach nuclear lab". Engadget. 2023-11-22. Archived from the original on 2024-05-01. Retrieved 2024-05-01.
  3. Beneath the surface: Terrorist and Violent extremist use of the dark web and cybercrime (PDF). 2024. pp. 23–24.
  4. Lyons, Jessica. "NATO investigates hacktivist group's stolen data claims". www.theregister.com. Archived from the original on 2024-05-01. Retrieved 2024-05-01.
  5. "NATO investigates alleged data theft by SiegedSec hackers". BleepingComputer. Archived from the original on 2024-05-01. Retrieved 2024-05-01.
  6. Vicens, A. J. (2023-07-26). "NATO investigating apparent breach of unclassified information sharing platform". CyberScoop. Archived from the original on 2024-05-01. Retrieved 2024-05-01.
  7. Thalen, Mikael (2024-04-16). "Furry hackers far-right campaign sets sights on Charlie Kirk, Steve Bannon". The Daily Dot. Archived from the original on 2024-05-01. Retrieved 2024-05-01.
  8. Factora, James (19 April 2024). "Gay Furry Hacker Group SiegedSec Breached a Far-Right Media Outlet and Wreaked Havoc". Them. Condé Nast. Archived from the original on 11 July 2024. Retrieved 12 July 2024.
  9. Thalen, Mikael (July 10, 2024). "Read the furious texts the Heritage Foundation sent furry hacking collective SiegedSec after breach". The Daily Dot. Archived from the original on July 10, 2024. Retrieved July 10, 2024.
  10. Cross, Alison (July 5, 2023). "UConn targeted in cyberattack allegedly by hacker in group known for targeting government agencies". Hartford Courant. Archived from the original on July 26, 2024. Retrieved July 10, 2024.
  11. Anthony, Abigail (July 11, 2024). "Claws Out: 'Gay Furry Hackers' Target Heritage Foundation". National Review. Archived from the original on July 11, 2024. Retrieved July 11, 2024.
  12. Yeo, Amanda (November 24, 2023). "'Gay furry hackers' breach nuclear lab, demand it create catgirls". Mashable. Archived from the original on July 11, 2024. Retrieved July 11, 2024.
  13. Spindler, Emily (November 24, 2023). "Gay Furry Hackers Break Into Nuclear Lab Data, Want Catgirls". Kotaku Australia. Archived from the original on July 11, 2024. Retrieved July 11, 2024.
  14. Vicens, A. J. (July 9, 2024). "Hacktivists release two gigabytes of Heritage Foundation data". CyberScoop. Archived from the original on July 10, 2024. Retrieved July 10, 2024.
  15. Cahill, Sebastian (July 14, 2023). "Gay furry hackers are targeting US states for passing anti-trans legislation". Business Insider. Archived from the original on July 10, 2024. Retrieved July 10, 2024.
  16. Musgrave, Shawn (July 9, 2024). ""Gay Furry Hackers" Claim Credit for Hacking Heritage Foundation Over Project 2025". The Intercept. Archived from the original on July 9, 2024. Retrieved July 10, 2024.
  17. Hansford, Amelia (July 10, 2024). "'Gay furry hackers' steal 200GB of data in huge anti-Project 2025 cyber attack". PinkNews. Archived from the original on July 12, 2024. Retrieved July 10, 2024.
  18. Liu, Nicholas (July 10, 2024). ""Gay furry hackers" claim credit for Heritage Foundation cyberattack". Salon.com. Archived from the original on July 10, 2024. Retrieved July 10, 2024.
  19. Factora, James (April 19, 2024). "Gay Furry Hacker Group SiegedSec Breached a Far-Right Media Outlet and Wreaked Havoc". Them. Archived from the original on July 10, 2024. Retrieved July 10, 2024.
  20. Wilson, Jason (June 29, 2023). "'Gay furries' group hacks agencies in US states attacking gender-affirming care". The Guardian. Archived from the original on July 26, 2024. Retrieved July 10, 2024.
  21. Abrams, Lawrence (2023-02-16). "Atlassian data leak caused by stolen employee credentials". Bleeping Computer. Archived from the original on 2024-05-09. Retrieved 2024-05-09.
  22. Thalen, Mikael (2024-04-01). "Furry hackers spend stolen church funds on inflatable sea lions after pastor calls out Biden". The Daily Dot. Archived from the original on 2024-07-17. Retrieved 2024-06-18.
  23. Greig, Jonathan (2024-04-16). "NATO 'actively addressing' alleged cyberattack affecting some websites". The Record. Archived from the original on 2024-05-09. Retrieved 2024-05-09.
  24. Lyons, Jessica (October 4, 2023). "'Gay furry hackers' brag of second NATO break-in, steal and leak more data". The Register. Archived from the original on July 11, 2024. Retrieved July 11, 2024.
  25. Vicens, A. J. (October 3, 2023). "NATO investigating breach, leak of internal documents". CyberScoop. Archived from the original on July 11, 2024. Retrieved July 11, 2024.
  26. "Alleged SiegedSec attack against NATO under investigation". SC Magazine. October 4, 2023. Archived from the original on July 11, 2024. Retrieved July 11, 2024.
  27. Thalen, Mikael (2023-10-30). "NATO 'actively addressing' alleged cyberattack affecting some websites". The Daily Dot. Archived from the original on 2024-05-09. Retrieved 2024-05-09.
  28. Hart, Kaitlyn (November 20, 2023). "Idaho National Laboratory experiences massive data breach; employee information leaked online". East Idaho News. Archived from the original on July 11, 2024. Retrieved July 11, 2024.
  29. "Data Breach Resources". Archived from the original on 2024-05-09. Retrieved 2024-05-09.
  30. "Heritage Foundation denies SiegedSec hack". scmagazine.com. July 12, 2024. Archived from the original on July 17, 2024. Retrieved July 25, 2024.
  31. Del Valle, Gaby (July 11, 2024). "Heritage Foundation insists it was not hacked by 'gay furries'". The Verge. Archived from the original on July 26, 2024. Retrieved July 25, 2024.
  32. Scozzari, Sofia (November 16, 2024). "SiegedSec: Fourth operation against Israel". Hackmanac. Retrieved October 29, 2024.
  33. Schappert, Stefanie (November 15, 2023). "Russian hacktivists now targeting Israeli global satellite and Industrial Control Systems". CyberNews. Retrieved October 29, 2024.
  34. Team, Research (September 12, 2024). "New Cyber Alliance: The Five Families Telegram Channel". Cyberint. Retrieved October 29, 2024.
  35. Whittaker, Zack (February 12, 2024). "Hackers uncover new TheTruthSpy stalkerware victims: Is your Android device compromised?". TechCrunch. Retrieved October 29, 2024.
  36. crimew, maia arson (February 12, 2024). "#FuckStalkerware pt. 4 - the truth come out: does TheTruthSpy is secure". maia :3. Retrieved October 29, 2024.
  37. Vicens, A. J. (August 24, 2023). "Hacking group KittenSec claims to 'pwn anything we see' to expose corruption". CyberScoop. Retrieved October 29, 2024.
  38. "Organizations in NATO countries claimed to be compromised by hacktivist operation". SC Media. August 25, 2023. Retrieved October 29, 2024.
  39. Musgrave, Shawn (July 10, 2024). ""Gay Furry Hackers" Feud With Heritage Foundation Exec". The Intercept. Archived from the original on July 11, 2024. Retrieved July 11, 2024.
  40. Greig, Jonathan (November 22, 2023). "Federal agencies investigating data breach at nuclear research lab". The Record by Recorded Future. Retrieved July 10, 2024.
  41. Vicens, A. J. (2023-10-03). "NATO investigating breach, leak of internal documents". CyberScoop. Retrieved 2024-10-29.