Cyber Threat Actor: SiegedSec
| Actor Type | Location | Known Incidents |
Activist
|
United States of America
|
10 incidents |
|---|
Profile
SiegedSec is a politically motivated hacking group operating under that alias, with members reportedly based in the United States. The group conducts hacktivist operations primarily targeting government entities, with a focus on U.S. state-level agencies and international organizations like NATO. Their activities center on breaching unclassified systems, exfiltrating documents, and defacing websites to protest policies or human rights issues, explicitly citing motivations such as opposition to abortion restrictions and bans on gender-affirming care. SiegedSec does not pursue financial gain through these operations, instead leaking stolen data publicly without ransom demands. The group claims responsibility for attacks via Telegram, often sharing defacement images and samples of exfiltrated data to bolster their claims.
Notable operations include two separate breaches of NATO’s unclassified portals in 2023, where they leaked strategic documents and sensitive user information to criticize member states’ human rights records. In mid-2023, SiegedSec executed a coordinated campaign against multiple U.S. state governments, compromising websites in Nebraska, South Dakota, Texas, Pennsylvania, and South Carolina. These attacks involved defacements and data theft from judicial, behavioral health, and criminal justice platforms, though officials in several states confirmed no sensitive data was compromised. Earlier incidents include the breach of Fort Worth’s internal maintenance work order system, where attackers exfiltrated non-sensitive operational documents to make a political statement, and the compromise of Atlassian employee data via stolen third-party app credentials. SiegedSec’s tactics typically involve credential theft for initial access, followed by data exfiltration and defacement, but no malware families or advanced tooling are referenced in attributed incidents. The group’s leader, using the alias YourAnonWolf, describes SiegedSec as a small, tight-knit collective, though public sources note uncertainty regarding potential state affiliations or broader organizational ties.