Cyber Threat Actor: Hanom1960
| Actor Type | Location | Known Incidents |
Activist
|
Uganda
|
4 incidents |
|---|
Profile
Hanom1960, also known online as hanomlulzsec, is a hacktivist whose activity has been linked to Uganda and who has publicly claimed ties to both the LulzSec movement and the Anonymous collective. The actor operates under the Twitter handle @hanomlulzsec and has been identified in multiple breach reports as part of loosely affiliated groups that include Chilean hackers and individuals using aliases such as Hazzard. Public statements and leaked data indicate that Hanom1960 participates in operations framed as protests against perceived corruption and unfavorable trade agreements, aligning with the broader goals of the hacktivist campaigns in which they appear.
The actor’s targeting has focused on governmental institutions across Latin America and Africa, specifically military email servers, ministries of finance, and ministries of foreign affairs. In the Bolivian Army incident, Hanom1960 helped exploit an outdated Zimbra vulnerability and weak server configurations to obtain internal correspondence, officer contact lists and password details, which were leaked to highlight alleged institutional corruption. The Uganda Ministry of Finance breach involved the exfiltration of personal information and password hashes for 220 employees, carried out under the #OpAfrica banner that accused African governments of corruption. Similarly, the Costa Rican Ministry of Foreign Affairs compromise was conducted as part of the #OpPuraVida campaign, where the actor released names, emails, identification numbers, phone numbers and hashed passwords for roughly 530 users to criticize the Central America Free Trade Agreement and pressure policy change. No public reporting attributes financial gain, espionage or state sponsorship to these actions; the stated motivations are consistently tied to social causes and anti‑corruption messaging.
Observed tactics, techniques and procedures include the use of known, publicly disclosed exploits—such as the older Zimbra vulnerability referenced in the Bolivian Army case—and reliance on weak administrative configurations that simplify initial access. After gaining entry, the actor typically extracts email archives, internal databases and credential dumps, then publishes the material on public platforms or social media to amplify the protest message. Tooling appears limited to standard web‑based exploitation methods and the use of Twitter accounts for communication and claim‑making, with no evidence of custom malware families or sophisticated persistence mechanisms. Notable operations linked to Hanom1960 therefore comprise the Bolivian Army email server breach, the Uganda Ministry of Finance intrusion within #OpAfrica, and the Costa Rican Ministry of Foreign Affairs hack under #OpPuraVida, each illustrating a pattern of hacktivist disruption aimed at exposing perceived governmental weaknesses.
