Threat Actor Profile: SiegedSec

In the ever-changing digital landscape, new cyber adversaries continuously emerge. One of the latest entrants in this arena is SiegedSec, an emergent cyber threat group that gained momentum during Russia's invasion of Ukraine. Positioning themselves as masters of data leaks, they have expanded their reach, targeting many sectors across the globe. This article seeks to demystify SiegedSec, offering insights into their attack methodologies, instruments, victims and most recent activities, while also offering advice on how businesses can fortify their defenses against such cyber onslaughts.

SiegedSec is a hacktivist group that appeared, coincidentally, days before Russia's invasion of Ukraine. Under the leadership of a hacktivist known as YourAnonWolf, the group has swiftly advanced in its potency, announcing an increasing volume of victims since it appeared.

The last thing that caught our eye was the group's Twitter account, which was continuously suspended.

We see that the Twitter page of SiegedSec has been inactive for a long time; we think this is because they are frequently suspended.

The founder/administrator of the group is YourAnonWolf. When we look at the chat channel, we see that the user is currently managing the group under the nickname "vio".

We have seen posts about vio leaving the group at various times, but we do not know which user was running the group when vio left.

SiegedSec's attacks include:

Their attacks often include juvenile and crude language and graphics. Based on some of the group's posts, the group says that the attacks are "for fun".

SiegedSec's attacks are primarily carried out using basic SQL injection and Cross-Site Scripting (XSS) attacks. The group's technical prowess has been compared to LulzSec, a high-profile cyber threat group from the early 2010s.

They have targeted companies across diverse industry sectors, including healthcare, IT, insurance, legal and finance.

Counting current events such as the NATO incident, it is observed that the group mostly attacks the Public Administration sector, in other words government organizations.

SiegedSec has successfully targeted companies across various industries and locations, including India, Indonesia, South Africa, the USA, the Philippines, Mexico and others. They have leaked data from at least 30 different companies since their start in February 2022, showing no preference for industries or locations.

Checking the countries where the organizations they attacked are located, the largest share (about 32%) is organizations located in the United States.

Looking at some of the group's posts, it seems that they have a friendly relationship with GhostSec, another hacktivist group.

At the same time, in SiegedSec's chat group we see a user who manages GhostSec's Telegram channel, and in the profile information of SiegedSec's administrator, vio, we see that vio is a GhostSec member.

In recent months, SiegedSec has claimed to have defaced over 100 domains and leaked significant volumes of stolen data from compromised networks.

On February 15, 2023, one day after Valentine's Day, SiegedSec shared a post with a Valentine's Day reference and Atlassian data containing employee information.

In late May, they targeted an India-based online news distribution outlet, NewsVoir, leaking extensive documents and data.

They have also hinted at a possible interest in financial compensation for their campaigns. Communication between them and WebGuruz Technologies shows that the possibility of SiegedSec turning into a data extortion team such as Karakurt is increasing.

NATO is actively investigating a claim by the hacking group SiegedSec regarding an alleged data theft from the Communities of Interest (COI) Cooperation Portal, an unclassified platform for NATO members. SiegedSec posted what they claim to be hundreds of documents stolen from the portal on Telegram, including 845 MB of files and 8,000 rows of sensitive user information. The leak, if confirmed, could impact 31 NATO member nations.

In late June, SiegedSec claimed cyberattacks on five state-run websites, including those related to Nebraska's Supreme Court, South Dakota's Boards and Commissions, Texas's Behavioral Health Executive Council, Pennsylvania's Provider Self-Service and South Carolina's Criminal Justice Information Services (CJIS). Photos of the defaced websites and allegedly stolen data were shared by the group.

On August 18, SiegedSec claimed responsibility for breaches against Romania's National Office for Centralized Procurement (ONAC) and First Credit and Investment Bank, mentioning an associate of another threat actor, 6ix, as contributing to the latter attack.

SiegedSec is a rising threat in the cyber landscape, with the potential to evolve into a high-consequence cyber threat. Their activities, though currently small-scale, indicate the involvement of advanced cyber hacktivists. The similarities between SiegedSec and other notorious hacking groups are noteworthy; in conclusion, their progression should be closely monitored.

As far as we know, the group performs SQL injection and XSS attacks, and in some research we found information that they use automated tools for scanning. In this case it is vital to seriously check and monitor the ports and assets open to the outside.

Including these, we can list the security measures as follows:

By understanding SiegedSec's methods and targets, organizations can take proactive measures to protect themselves against this emerging threat.

MITRE ATT&CK mapping:

Tactic          Technique                                      ID
Reconnaissance  Active Scanning                                T1595
Initial Access  Exploit Public-Facing Application              T1190
Initial Access  Drive-by Compromise                            T1189
Collection      Archive Collected Data: Archive via Utility    T1560.001
Exfiltration    Exfiltration Over Web Service                  T1567
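The profile attributes SQL injection, XSS and automated scanning to the group and recommends monitoring assets exposed to the outside. The following added example (written for this page, not code from the original article or any vendor tool) triages constructed Apache-style access-log lines from a defender's side: it URL-decodes each request, flags SQLi and XSS probe patterns and known scanner user-agents, and tallies hits per source IP against the ATT&CK IDs in the table above. The log lines, IP addresses and indicator patterns are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote_plus

# Constructed sample access-log lines (Apache combined format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Aug/2023:14:02:11 +0000] "GET /news.php?id=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Aug/2023:14:02:12 +0000] "GET /news.php?id=1%27%20OR%201%3D1-- HTTP/1.1" 200 9811 "-" "sqlmap/1.7"
203.0.113.7 - - [10/Aug/2023:14:02:13 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Aug/2023:14:05:40 +0000] "GET /about HTTP/1.1" 200 3300 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Aug/2023:14:02:14 +0000] "GET /news.php?id=1%20UNION%20SELECT%20username,password%20FROM%20users HTTP/1.1" 500 0 "-" "sqlmap/1.7"
"""

# Apache combined log format: ip ident user [ts] "method path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# Illustrative indicator patterns for the two techniques the profile attributes to the group.
SQLI_RE = re.compile(r"('|%27)\s*(or|and)\s+\d+\s*=\s*\d+|union\s+select|--\s*$|/\*", re.I)
XSS_RE = re.compile(r"<\s*script|javascript:|on(load|error|click)\s*=", re.I)
SCANNER_UA = ("sqlmap", "nikto", "wpscan", "nmap")   # constructed watch-list of scanner UAs

def classify(line):
    """Return (ip, labels) for one log line, or None if it does not parse.
    labels is empty for clean traffic; a line can carry several labels."""
    m = LOG_RE.match(line)
    if not m:
        return None
    decoded = unquote_plus(m["path"])   # decode before matching, or encoded probes slip past
    labels = []
    if SQLI_RE.search(decoded):
        labels.append("sqli")           # T1190 Exploit Public-Facing Application
    if XSS_RE.search(decoded):
        labels.append("xss")            # T1190 (XSS probing of a public-facing app)
    if any(s in m["ua"].lower() for s in SCANNER_UA):
        labels.append("scanner-ua")     # T1595 Active Scanning
    return m["ip"], labels

def summarize(log_text):
    """Count indicator hits per source IP: {ip: {label: count}} for IPs with at least one hit."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        result = classify(line)
        if result:
            ip, labels = result
            for label in labels:
                hits[ip][label] += 1
    return {ip: dict(c) for ip, c in hits.items()}

if __name__ == "__main__":
    for ip, counts in summarize(SAMPLE_LOG).items():
        print(ip, counts)
```

Feeding the same function a real access log gives a per-IP list of candidates for blocking or closer review, which is the monitoring step the profile recommends.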