Menu
Browse

Cyber Threat Actor: GrenXPaRTa

Aliases: 2 aliases
Actor Type Location Known Incidents
 Icon
Sensationalist
China
4 incidents
Profile

The threat actor is known by the aliases GrenXPaRTa and Gren Siahaan. Public sources indicate that the actor may be based in China, although no further geographic details are provided. These identifiers appear consistently across the actor’s online posts and claimed responsibility messages. No additional personal or organizational background is disclosed in the available material.

The actor has claimed responsibility for compromising three distinct websites and publishing the obtained data. In December 2015 the actor leaked approximately 7,379 user accounts from befriending.co.uk, including email addresses, usernames and passwords. In May 2015 the actor asserted that lottoland.co.uk was breached, resulting in the release of 9,702 usernames and passwords. Earlier in February 2015 the actor reported hacking the Nigerian Nation Assembly website (nassnig.org) and dumping roughly 49 megabytes of information. Each incident was announced via a blog entry or Twitter account associated with the aliases.

The actor’s public statements focus on claiming the intrusions and distributing the stolen credentials, but they do not describe any specific malware families, exploit tools, or initial access vectors. No details are given about the techniques used to gain entry to the target sites, nor are any particular toolkits or frameworks mentioned. Consequently, the only observable behavior is the acquisition of data followed by its public disclosure on the actor’s own platforms.

Attribution to any state sponsor, criminal consortium or ideological group is not established in the provided sources. The only geographic clue is the possible location in China, which is presented as information that is known rather than confirmed. No public reports link the actor to larger campaigns, financing motives, espionage goals, or disruptive objectives beyond the individual website breaches described. The profile therefore remains limited to the confirmed aliases, the stated location, and the three documented data‑leak incidents.

Incidents
Attributed incidents available to members
4 incidents
Sources
Sources available to members
3 sources