Cyber Incident Victim: SiegedSec
Date:
Jun 2023
Location:
United States of America
Summary
A suspected politically motivated hacking group targeted multiple US state government websites, claiming breaches and defacements affecting entities in Nebraska, South Dakota, Texas, Pennsylvania, and South Carolina. The attackers allegedly stole data from several sites and defaced public-facing portals, though officials in Nebraska and South Dakota confirmed no sensitive information was compromised. Texas authorities denied their system was breached, while Pennsylvania and South Carolina agencies were investigating the claims. The group, known for past hacktivist operations citing political issues like abortion restrictions, did not specify a motive for these incidents but historically leaks stolen data without financial demands. Some targeted systems included judicial, behavioral health, childcare, and criminal justice platforms.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 3 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On or around June 28, 2023, the hacking group SiegedSec claimed cyberattacks targeting five U.S. state government websites through a Telegram post. The affected entities included the Nebraska Supreme Court intranet, South Dakota Boards and Commissions portal, Texas Behavioral Health Executive Council (BHEC) personal information system, Pennsylvania Provider Self-Service platform, and South Carolina Criminal Justice Information Services (CJIS) site. SiegedSec shared photographic evidence of defaced websites and alleged data theft, though no explicit motive was provided for these specific incidents. The group had previously cited opposition to state-level abortion and gender-affirming care restrictions in attacks against Texas, Kentucky, and Arkansas governments. Nebraska officials confirmed an intrusion into their judicial branch intranet on June 28, discovering a screenshot of their system posted by the attackers during log analysis. South Dakota authorities acknowledged the defacement of their public-facing Boards and Commissions website, which hosts information on professional licensing bodies.
Investigations revealed no compromise of sensitive court data in Nebraska or personally identifiable information in South Dakota. Nebraska’s Administrative Office of Courts and Probation initiated security reviews to assess breach scope and implement safeguards. Texas BHEC Executive Director Darrel Spinks disputed the hack claim after consulting IT staff and the Texas Department of Information Resources, though he declined further elaboration. Pennsylvania officials confirmed only that they were "looking into" the Provider Self-Service website incident, which supports childcare industry operations. South Carolina’s Attorney General’s Office redirected inquiries about the CJIS breach to the state Law Enforcement Division, which did not respond. SiegedSec asserted data theft from Texas, Pennsylvania, Nebraska, and South Carolina systems, while South Dakota and Pennsylvania experienced additional website defacements. Researcher Nick Ascoli noted the group’s transition from #OpColombia—a campaign against Colombian government systems—to these U.S. state attacks, consistent with their history of targeting governments and critical infrastructure without financial motives.