Menu
Browse

Cyber Threat Actor: Websites Hunter

Actor Type Location Known Incidents
 Icon
Activist
United Arab Emirates
2 incidents
Profile

The threat actor known as WebsitesHunter, also referenced as websites‑hunter, has been active since at least 2016 and is associated with the United Arab Emirates based on the location of several disclosed incidents. The actor first came to public attention through a leak of customer data from the Kuwait Automotive Imports Company, according to reporting that described the individual as having previously exposed personal details from that firm. This early activity established a pattern of obtaining and publishing personal information from online services. The alias is used consistently across the incidents that have been attributed to the actor. Websites Hunter has targeted online services in the gaming and healthcare sectors, with the verified incidents affecting a Sims‑related custom content website and a private medical centre in the United Arab Emirates. The geographic focus of the known attacks is limited to the UAE, although the gaming site breach involved an international user base. The actor’s stated purpose, as expressed in public statements and the nature of the disclosed data, is to highlight and embarrass organizations that exhibit poor security practices rather than to pursue financial gain or espionage. This objective is reflected in the actor’s use of public disclosure channels to draw attention to the vulnerabilities that were exploited.

In the Sims custom content breach, the actor employed SQL injection to extract user data, which included usernames, names, dates of birth, gender, country, email addresses and passwords stored as unsalted MD5 hashes. For the Al Zahra Private Medical Centre incident, the specific initial access vector was not identified in the available reporting, although the actor claimed responsibility and released sample data. After obtaining the data, the actor disseminated it through file‑sharing services for public download and announced the compromises on platforms such as Twitter and Pastebin. No malware families or custom tooling have been mentioned in the sources related to these operations.

The two most prominently documented operations are the September 2016 compromise of the Sims custom content site, which resulted in the exposure of roughly 118 000 user accounts, and the August 2016 disclosure concerning Al Zahra Private Medical Centre, where over 4 400 job applicant records and 644 patient feedback entries were made public. A earlier incident involving the Kuwait Automotive Imports Company’s customer data is also cited in the reporting as a prior action by the same handle. These episodes illustrate the actor’s repeated use of web‑application vulnerabilities to gather personal information and then publish it to underscore perceived security shortcomings.

Incidents
Attributed incidents available to members
2 incidents
Sources
Sources available to members
2 sources