Cyber Threat Actor: Golem
| Actor Type | Location | Known Incidents |
Hacker
|
Australia
|
1 incident |
|---|
Profile
The threat actor known by the alias Golem has been observed operating from Australia, based on the only publicly attributed incident to date. The actor’s true identity, organizational affiliations, or any broader campaign history remain undisclosed in open sources. Golem came to public attention following a cyber incident reported in early April 2022 that involved a third‑party service provider. No additional aliases or geographic indicators have been confirmed beyond the Australian location mentioned in the reporting. The limited public record restricts any further characterization of the actor’s structure or objectives.
On 2022‑04‑01, Golem gained unauthorized access to the systems of Pareto Phone, a supplier that provides outreach services for Amnesty International Australia. The intrusion resulted in the exposure of personal information belonging to some of Amnesty’s supporters, specifically names, addresses, contact details, and birth dates. Financial data associated with those supporters was not compromised according to the investigation. The breach prompted Amnesty International Australia to suspend its work with Pareto Phone while the incident was assessed. After initial assurances that donor data had not been accessed, operations were temporarily resumed, only to be halted again when further analysis indicated that supporter information might have been affected.
In response to the incident, Pareto Phone implemented extensive security improvements across its technology stack, internal processes, and staff training programs. Once these measures were in place and verified, Amnesty International Australia resumed collaboration with the supplier while maintaining ongoing monitoring of all third‑party partners to ensure compliance with data protection standards. Forensic investigators concluded that the exposed personal data posed a low risk of misuse, noting that no evidence of financial exploitation or identity theft had been detected. Amnesty International Australia published a public notice about the cyber security event on its official website, as indicated by the source reference. The episode remains the sole publicly documented operation linked to the Golem alias, and no further activity has been attributed to the actor in open source reporting.
