Menu
Browse

Cyber Threat Actor: The Knowns

Actor Type Location Known Incidents
 Icon
Activist
Singapore
1 incident
Profile

The Knowns is a hacker groupthat has been publicly identified by the alias “The Knowns” and is associated with Singapore, where the group’s only documented activity to date occurred. In September 2014 the group compromised the membership database of K Box, a Singapore‑based karaoke chain, and subsequently released the stolen personal data online. The breach exposed identity card numbers, contact details, email addresses, dates of birth, marital status, membership numbers and loyalty points for approximately 317,000 individuals. K Box responded by removing the data from three websites, issuing a public letter, and cooperating with the Singapore Police Force and the Personal Data Protection Commission to pursue legal action against the perpetrators.

The group’s stated motivation for the attack was to express discontent over a toll increase at the Woodlands Checkpoint, indicating that their strategic objective was to protest a government policy rather than to pursue financial gain or espionage. By leaking sensitive personal information, The Knowns sought to cause reputational damage and public pressure on the authorities responsible for the toll adjustment. This aligns with a disruption‑oriented motive, as the actors aimed to draw attention to their grievance through the widespread dissemination of private data. No other targeting patterns, sectors or regional preferences have been documented in open sources related to this actor.

The Knowns employed a straightforward tactic of exfiltrating data and then publishing it on publicly accessible websites, followed by direct email outreach to multiple media outlets to amplify the leak. The article does not reference any specific malware, exploit kits, or sophisticated intrusion tools, so no further technical details about their initial access vectors or tooling style can be confirmed. Victim remediation efforts focused on data removal, public communication, and law‑enforcement collaboration, which are typical responses to such data‑exposure incidents. No public attributions link The Knowns to a state sponsor, criminal consortium, or any broader affiliate network.

The only publicly reported operation involving The Knowns remains the 2014 K Box data breach, which stands as a singular example of their activity and methodology. Consequently, any assessment of their typical behavior, capabilities, or broader threat landscape must be limited to the facts presented in the available sources. This profile reflects solely the verified information without extrapolation or assumption.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
1 source