Cyber Incident Victim: Meta-Fusion GmbH
Date:
Dec 2015
Location:
Germany
Summary
Anonymous breached a Germany-based UN climate conference webcast provider, Meta-Fusion GmbH, leaking employee credentials and site databases in protest against police brutality and perceived inadequacies of the climate summit. The attackers exfiltrated approximately 300 users' personal information including names, emails, and both encrypted and unencrypted passwords across three files, criticizing the company's insufficient server security measures while aligning their actions with environmental activism supporting the Global Climate March.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In early December 2015, during the United Nations COP21 climate conference in Paris, the hacktivist collective Anonymous breached the systems of Meta-Fusion GmbH, a Germany-based multimedia firm serving as the official webcast streaming provider for the UN Framework Convention on Climate Change (UNFCCC). This intrusion followed Anonymous’ earlier compromise of the UNFCCC’s main website, which resulted in the leak of personal data belonging to 1,415 officials. Targeting Meta-Fusion specifically, attackers exfiltrated and publicly released three data files containing sensitive internal information. File 1 comprised the company’s site database, while Files 2 and 3 collectively exposed login credentials for approximately 300 employees and associated users. The compromised credentials included full names, organizational affiliations, email addresses, usernames, and both encrypted and unencrypted passwords. Anonymous justified the attack as a protest against perceived police brutality toward COP21 demonstrators and skepticism toward the conference’s environmental commitments, explicitly stating their actions supported the Global Climate March and “Green Rights.” The group characterized the breach as technically unchallenging, attributing success to Meta-Fusion’s inadequate security measures against common vulnerabilities.
The incident immediately disrupted Meta-Fusion’s operations as a critical communications provider for high-profile environmental policy events, damaging its reputation as a leading European contractor for international conventions. Exposed employee credentials created significant risks of credential-stuffing attacks, identity theft, and unauthorized access to corporate and client systems. No statements from Meta-Fusion regarding incident response, forensic analysis, or containment measures were documented in available sources. The breach amplified operational and reputational consequences for UNFCCC by compromising a second service provider during COP21, undermining confidence in the security of its digital infrastructure. Anonymous’ concurrent targeting of UNFCCC and its vendors demonstrated a coordinated effort to disrupt the conference while publicly challenging institutional legitimacy through data leaks. The group’s direct communication with media outlet HackRead provided explicit attribution and ideological motivations, eliminating uncertainties about threat actor identity or objectives.