Cyber Threat Actor: sedut
| Actor Type | Location | Known Incidents |
Criminal
|
India
|
1 incident |
|---|
Profile
sedut is a threat actor tracked under that alias, with open‑source reporting indicating a possible base of operations in India. The actor first came to public attention in late 2022 when a cybersecurity firm identified the name in posts offering alleged access to its networks and proprietary code on underground forums. No further personal details or organizational ties have been disclosed in the available sources.
The actor’s observed targeting focuses on the cybersecurity sector, specifically a firm headquartered in India that provides threat intelligence and dark‑web monitoring services. The stated objective appears to be financial, as sedut attempted to monetize the intrusion by selling claimed access to the victim’s networks, Xvigil platform, codebase, email, Jira and social‑media accounts, as well as offering a purported database and internal documentation for set prices. No explicit references to espionage, disruption, or ideological goals appear in the reported material.
Technically, sedut’s activity in the CloudSEK incident involved the use of Vidar Stealer malware, which was installed on an employee’s laptop during a third‑party servicing event. The malware harvested session cookies, allowing the actor to bypass multi‑factor authentication and gain unauthorized Jira credentials. With those credentials the actor accessed Confluence pages, exfiltrated training materials, internal documents, screenshots of product dashboards, and purchase‑order information for three customers. The stolen data was subsequently advertised on multiple hacking forums, and screenshots of the alleged database schema and dashboard were shared to validate the offering.
Public attribution remains uncertain; while the victim’s CEO suggested that another cybersecurity company known for dark‑web monitoring might be responsible based on attack patterns, no definitive evidence or naming has been provided in open sources. Consequently, no state nexus, criminal consortium, or formal affiliation can be confirmed from the current information.
The most notable operation linked to sedut is the November 2022 breach of CloudSEK, wherein the actor leveraged stolen session cookies obtained via Vidar Stealer to infiltrate Jira and Confluence systems, extract non‑critical internal assets, and attempt to sell the purported access and codebase. This episode represents the only publicly detailed campaign attributed to the alias at present. No additional incidents or broader activity patterns are described in the supplied material.
