Cyber Incident Victim: Nebraska Judicial Branch
Date:
Jun 2023
Location:
United States of America
Summary
The SiegedSec hacking group claimed a multi-state cyberattack campaign targeting government websites, including the Nebraska Supreme Court's intranet. The group defaced sites and allegedly stole data, though officials in Nebraska and South Dakota stated no sensitive information was compromised. Nebraska's judicial branch confirmed its intranet was targeted and an investigation was launched to assess the breach's extent and strengthen security. The group's stated motives are often political, but their hacktivist operations are not financially driven.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 4 motives | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On June 28, 2023, the SiegedSec hacking group claimed via Telegram to have conducted a series of cyberattacks against five state-run websites across the United States. The list of claimed targets included the Nebraska Supreme Court intranet, the South Dakota Boards and Commissions website, the Texas Behavioral Health Executive Council (BHEC) Personal Information site, the Pennsylvania Provider Self-Service platform, and the South Carolina Criminal Justice Information Services (CJIS) website. The group publicly shared photographs as evidence, showing defaced websites and allegedly stolen data. While the group had previously cited political motivations, such as state-level bans on abortion and gender-affirming care, for attacks on other states, no specific motive was provided for this particular campaign. Some experts cautioned against accepting the group's stated reasoning due to a general lack of information about the individuals behind the SiegedSec accounts.
The Nebraska Judicial Branch was notified of the attack on its intranet system on Wednesday, June 28. Corey Steel, the state court administrator, confirmed that the Administrative Office of Courts and Probation (AOCP) immediately initiated a review of the intranet logs to determine the nature and scope of the incident. During this investigation, a screenshot of the Nebraska Judicial Branch intranet was discovered, which had been posted online by the group claiming responsibility. The investigation concluded that the intranet was targeted along with governmental entities in other states. Officials stated there was no compromise of sensitive data related to court cases or any personally identifiable information. The Nebraska Judicial Branch continued its investigation to fully assess the breach’s extent, identify vulnerabilities, and strengthen its security posture. In response to the attack, safeguards and enhancements were being implemented.
In South Dakota, the attack targeted the Boards and Commissions website, a public-facing portal providing information on various industry-specific boards. Dan Hoblick, a representative for the South Dakota Bureau of Information and Telecommunications, confirmed that one state website was compromised and defaced. Due to the public nature of the website, no sensitive information was compromised in the incident.
The Texas Behavioral Health Executive Council (BHEC), which regulates behavioral health services and social work in the state, was another named target. Darrel Spinks, the executive director of the BHEC, was notified of the claim and subsequently alerted his IT staff and the Texas Department of Information Resources (DIR). However, based on the information and response provided by these entities, Spinks claimed that the Texas Behavioral Health Executive Council had not been hacked. He declined to answer further questions regarding the incident.
Officials in Pennsylvania were investigating the claim against the state’s Provider Self-Service website. This platform, housed within the Pennsylvania Department of Human Services, serves individuals and companies involved in the state’s childcare industry. Several officials from the Pennsylvania Office of Administration and the governor’s office declined to comment on the attack, stating only that they were "looking into the claim."
The South Carolina Attorney General’s Office responded to inquiries about the attack on the South Carolina Criminal Justice Information Services (CJIS) website by stating it does not control that system. A representative directed inquiries to the South Carolina Law Enforcement Division (SLED), which serves as a criminal justice information repository. SLED did not respond to requests for comment on the hack. SiegedSec claimed to have stolen data from the websites in Texas, Pennsylvania, Nebraska, and South Carolina, while the attacks on South Dakota and Pennsylvania involved website defacement.
According to a data leak researcher tracking the group, SiegedSec had just concluded an aggressive offensive campaign against the Colombian government, known as #OpColombia, prior to this activity. The group's operations were characterized as hacktivist in nature, lacking a financial motive and not involving ransom demands. Their typical actions involved leaking stolen data and defacing the resources of their targets. Previous notable targets included a variety of commercial and government organizations in Russia, as well as South American governments, software companies, and healthcare providers. The leader of SiegedSec, who uses the alias YourAnonWolf, described the group as a "small tight-knit group" but preferred not to disclose further details about its composition. When communicating with victims, the leader has previously cited ‘fun’ or ‘lulz’ as a motivation for their actions. The incident prompted investigations in multiple states to verify the claims and assess the potential impact on their systems and any constituent data.