Cyber Threat Actor: TheCthulhu
| Actor Type | Location | Known Incidents |
Activist
|
United Kingdom
|
2 incidents |
|---|
Profile
CthulhuSec, also known as TheCthulhu, is a threat actor whose aliases have appeared in hacking circles and whose location has been noted as the United Kingdom. The actor is referenced in open sources as a well‑known name associated with the public release of stolen data. No further biographical details such as age, affiliation, or organizational ties are provided in the available material.
In June 2016 the actor was linked to a breach of the Muslim Match dating platform, during which approximately 150 000 user accounts and more than 800 000 private messages were compromised. The exposed dataset included usernames, email addresses, IP addresses, geographic locations, hashed passwords and chat logs, many of an intimate or confessional nature. The data was uploaded to the HaveIBeenPwned breach notification service and disseminated in full by TheCthulhu, rendering the website temporarily inaccessible and prompting criticism from users about insufficient encryption.
In January 2016 the actor was associated with an intrusion into the systems of the Fraternal Order of Police, resulting in the theft and public release of roughly 2.5 GB of information. This material comprised internal contracts, limited member personal data and private forum backups. The victim organization attributed the attack to Anonymous and described it as sophisticated, involving a software vulnerability that accepted a fraudulent encryption key, while an independent researcher disputed the Anonymous connection and characterized the intrusion method as trivial. Following the leak the organization took its website offline and engaged law‑enforcement authorities.
The two publicly reported operations show that the actor has targeted both a niche online dating service and a law‑enforcement‑related organization, extracting personally identifiable information and communications before releasing them via breach notification sites and hacker forums. The available sources do not specify the actor’s strategic objectives, malware families, initial access vectors, tooling style, or any state or criminal‑consortium affiliations, so those aspects remain undetermined based on the evidence presented. The actor’s known activity centers on data exfiltration and public disclosure, as demonstrated by the Muslim Match and Fraternal Order of Police incidents.
