Menu
Browse

Cyber Threat Actor: OurMine

Aliases: 3 aliases
Actor Type Location Known Incidents
 Icon
Sensationalist
Saudi Arabia
52 incidents
Profile

OurMine is a hacking group known by the aliases OurMine, OurMine Team, and OurMine Security, with public references identifying it as being based in Saudi Arabia. The group has presented itself as a white‑hat security outfit that claims to test the defenses of high‑profile targets and then offers its services to improve security, a stance repeated in multiple statements and communications with victims. Their activities have focused on compromising social media accounts, websites, and online forums belonging to celebrities, technology executives, major corporations, sports organizations, and media outlets.

The group’s typical targeting includes the Twitter, Facebook, and Instagram accounts of prominent individuals such as Mark Zuckerberg, Jack Dorsey, Sundar Pichai, and various athletes, as well as the official accounts of entities like the NFL, FC Barcelona, the International Olympic Committee, Vevo, WikiLeaks, HBO, and the PlayStation Network. They have also breached websites including BuzzFeed, Variety, TechCrunch, Business Insider, and forums such as DayZ and Unity 3D. Their strategic objectives, as expressed in their own messages, center on demonstrating perceived security weaknesses rather than financial gain or espionage, and they often invite victims to contact them for security consulting.

Observed tactics, techniques, and procedures involve credential stuffing using leaked login details from sources like LinkedIn and MySpace, exploiting vulnerabilities in third‑party social‑media management platforms such as Khoros and Audiense Connect, and taking advantage of reused passwords across services. They have employed defacement of web pages, posting taunting messages, launching distributed denial‑of‑service attacks against sites like WikiLeaks, and, after being provoked, leaking internal data as seen with the Vevo incident. The group has also relied on simple methods like guessing weak passwords and has noted the absence of two‑factor authentication on compromised accounts as a facilitating factor. While they claim no malicious intent, their actions have repeatedly resulted in unauthorized access, temporary service disruption, and public embarrassment for the targeted organizations. Their pattern of activity shows a recurring focus on high‑visibility accounts to draw attention to security gaps, a approach they have maintained across multiple years and varied sectors.

Incidents
Attributed incidents available to members
52 incidents
Sources
Sources available to members
24 sources