Cyber Threat Actor: NullCrew
| Actor Type | Location | Known Incidents |
Activist
|
—
|
4 incidents |
|---|
Profile
NullCrew is a hacker collective known for breaching organizations with perceived inadequate security practices or corrupt associations, publicly exposing vulnerabilities and stolen data. Operating under the alias NullCrew_FTS on Twitter, the group targeted entities across multiple sectors, including telecommunications (Comcast), media conglomerates (Al Arabiya), data brokers (Spokeo), international governmental bodies (UN’s International Civil Aviation Organization), academic institutions (University of Virginia), and government contractors (Klas Telecom, Ukraine’s Science and Technology Center). Their strategic objectives centered on disruption and public shaming, explicitly citing opposition to corruption, government-linked entities, and negligent security postures. Campaigns often emphasized exposing unpatched vulnerabilities, mocking victims for ignoring warnings, and leaking system credentials or internal communications without always exfiltrating consumer data.
The group frequently exploited known vulnerabilities in widely used software, notably leveraging unpatched Zimbra mail server flaws (CVE-2013-7091) for local file inclusion attacks to harvest credentials, as seen in breaches of Comcast and Al Arabiya. They utilized SQL injection against the Science and Technology Center of Ukraine to access emails and weapon-related database references. Operations involved coordinated Twitter announcements, Pastebin data dumps, and taunting victim organizations for inaction. NullCrew collaborated temporarily with The Horsemen Of Lulz during the Al Arabiya intrusion but maintained no publicly documented state affiliations or enduring criminal partnerships. Significant incidents include a nine-victim campaign in April 2014 exposing aviation biometric security systems, telecom infrastructure, and academic data, alongside earlier breaches of Comcast and Al Arabiya that highlighted systemic disregard for vulnerability remediation. Klas Telecom’s transparent response to their breach uniquely garnered NullCrew’s acknowledgment, contrasting their typical ridicule of unresponsive targets.
