SiegedSec explained
SiegedSec |
Nickname: | "Gay Furry Hackers" |
Type: | Cybercrime gang |
Purpose: | Hacktivism |
Region: | International |
Methods: | Hacking |
Membership: | "vio", "Kry", "Kit" |
Language: | English |
Leader Name: | "vio" |
SiegedSec, short for Sieged Security and commonly self-described as the "Gay Furry Hackers",[1] [2] was a black-hat criminal hacktivist group, that was formed in early 2022, that committed a number of high profile cyber attacks, including attacks on NATO,[3] [4] [5] Idaho National Laboratory, and Real America's Voice.[6] [7] On July 10, 2024, after attacking The Heritage Foundation, the group announced that they would be disbanding in an effort to avoid closer scrutiny.[8]
Description
SiegedSec was led by an individual under the alias "vio".[9] Short for "Sieged Security",[10] [11] [12] SiegedSec's Telegram channel was first created in April 2022,[13] and they commonly referred to themselves as "gay furry hackers".[14] [15] SiegedSec has targeted a wide variety of organisations, ranging from intergovernmental organisations like NATO and federal research facilities like the Idaho National Laboratory to right-wing movements like The Heritage Foundation[16] [17] and Real America's Voice,[18] and various U.S. states that have pursued legislative decisions against gender-affirming care.[19]
Notable attacks
Atlassian
On February 14, 2023, major Australian software provider Atlassian had its data leaked on the internet by SiegedSec using stolen employee credentials. 13,000 employee records were affected in this hack, and SiegedSec was also able to obtain floorplans for Atlassian offices.[20]
#OpTransRights movements
In June 2023, SiegedSec targeted several United States government entities to protest anti–gender-affirming-care bills. The hackers released a variety of data including data from the Government of Fort Worth Texas, The Nebraska Supreme Court, and South Carolina police files.[19]
In April and May 2024, SiegedSec began their second trans rights operation, #OpTransRights2. The hackers successfully targeted and leaked data from Real America's Voice and River Valley Church.[21]
University of Connecticut
In July 2023, SiegedSec sent a series of spoof emails to undergraduate University of Connecticut students using LISTSERV, falsely announcing the "Unfortunate Passing of Radenka Maric". During an interview with the Hartford Courant, "vio" claimed responsibility for the incident, explained the vulnerability which allowed for them to perform the hack, and said that they "did it for the lulz".[9]
NATO
In 2023, NATO portals were compromised twice by SiegedSec. The leak totalled over 3000 internal documents.[22] The portals compromised were Joint Advanced Distributed Learning, NATO Lessons Learned Portal, Logistics Network Portal, Communities of Interest Cooperation Portal, NATO Investment Division Portal, and NATO Standardization Office.[23] Shortly after the incident, NATO announced that they would be investigating the attack.[24] [25]
Bezeq
On October 30, 2023, SiegedSec attacked Bezeq, one of the largest Israeli telecommunication providers. The hackers released information on nearly 50,000 customers.[26]
Idaho National Laboratory
In November 2023, Idaho National Laboratory's Oracle HR system was compromised leading to the leaking of personal employee data,[27] with the group demanding that the laboratory put research into "creating real-life catgirls" in exchange for the data to be removed.[11] On February 7, 2024, a number of employees received ransom payment requests in the mail with their data.[28]
The Heritage Foundation
In July 2024, SiegedSec announced that they had breached and leaked data from conservative think tank The Heritage Foundation, which has led the Project 2025 proposals. They released a statement on Telegram, calling the proposals "an authoritarian Christian nationalist plan to reform the United States government."[15] A Heritage spokesperson dismissed the attacks as "a false narrative and an exaggeration", stating that all databases, systems and websites remained secure.[29] [30] The hacking group released chatlogs of a conversation on Signal between "vio" and Heritage Foundation executive Mike Howell, in which Howell stated that he, in collaboration with the FBI, was "in the process of identifying and outting members of your group."
Disbandment
After releasing the Heritage Foundation chatlogs, SiegedSec announced that they would be disbanding "for our own mental health, the stress of mass publicity, and to avoid the eye of the FBI."[31]
Investigations
Following the Idaho National Laboratory attack, it was announced that the FBI as well as the Cybersecurity and Infrastructure Security Agency had been contacted to help investigate the incident.[32]
Notes and References
- News: Rich Stanton . 2023-11-23 . Self-described gay furry hackers breach one of the biggest nuclear labs in the US, and demand it begin researching 'IRL catgirls' . 2024-05-01 . PC Gamer . en . 2024-05-01 . https://web.archive.org/web/20240501031307/https://www.pcgamer.com/self-described-gay-furry-hackers-breach-one-of-the-biggest-nuclear-labs-in-the-us-and-demand-it-begin-researching-irl-catgirls/ . live .
- Web site: 2023-11-22 . Self-proclaimed 'gay furry hackers' breach nuclear lab . 2024-05-01 . Engadget . en-US . 2024-05-01 . https://web.archive.org/web/20240501031307/https://www.engadget.com/self-proclaimed-gay-furry-hackers-breach-nuclear-lab-152034192.html . live .
- Web site: Lyons . Jessica . NATO investigates hacktivist group's stolen data claims . 2024-05-01 . www.theregister.com . en . 2024-05-01 . https://web.archive.org/web/20240501031308/https://www.theregister.com/2023/07/27/nato_investigates_hack/ . live .
- Web site: NATO investigates alleged data theft by SiegedSec hackers . 2024-05-01 . BleepingComputer . en-us . 2024-05-01 . https://web.archive.org/web/20240501031308/https://www.bleepingcomputer.com/news/security/nato-investigates-alleged-data-theft-by-siegedsec-hackers/ . live .
- Web site: Vicens . A. J. . 2023-07-26 . NATO investigating apparent breach of unclassified information sharing platform . 2024-05-01 . CyberScoop . en-US . 2024-05-01 . https://web.archive.org/web/20240501031308/https://cyberscoop.com/nato-breach-of-unclassified-information-siegedsec/ . live .
- Web site: Thalen . Mikael . 2024-04-16 . Furry hackers far-right campaign sets sights on Charlie Kirk, Steve Bannon . 2024-05-01 . The Daily Dot . en-US . 2024-05-01 . https://web.archive.org/web/20240501031307/https://www.dailydot.com/debug/furry-hackers-siegedsec-real-americas-voice/ . live .
- Web site: Factora . James . Gay Furry Hacker Group SiegedSec Breached a Far-Right Media Outlet and Wreaked Havoc . Them . Condé Nast . 12 July 2024 . 19 April 2024 . 11 July 2024 . https://web.archive.org/web/20240711193007/https://www.them.us/story/gay-furry-hacker-group-siegedsec-breach-far-right-media-outlet . live .
- News: Thalen . Mikael . Read the furious texts the Heritage Foundation sent furry hacking collective SiegedSec after breach . July 10, 2024 . . July 10, 2024 . July 10, 2024 . https://web.archive.org/web/20240710202756/https://www.dailydot.com/debug/heritage-foundation-hack-sieged-sec-chat-log-retirement/ . live .
- News: Cross . Alison . UConn targeted in cyberattack allegedly by hacker in group known for targeting government agencies . July 10, 2024 . . July 5, 2023 . July 26, 2024 . https://web.archive.org/web/20240726154237/https://www.courant.com/2023/07/05/uconn-targeted-in-cyberattack-allegedly-by-hacker-in-group-known-for-targeting-government-agencies/ . live .
- News: Anthony . Abigail . Claws Out: 'Gay Furry Hackers' Target Heritage Foundation . July 11, 2024 . . July 11, 2024 . July 11, 2024 . https://web.archive.org/web/20240711170418/https://www.nationalreview.com/news/claws-out-gay-furry-hackers-target-heritage-foundation/ . live .
- News: Yeo . Amanda . 'Gay furry hackers' breach nuclear lab, demand it create catgirls . July 11, 2024 . . November 24, 2023 . en . July 11, 2024 . https://web.archive.org/web/20240711170953/https://mashable.com/article/catgirl-real-nuclear-hack . live .
- News: Spindler . Emily . Gay Furry Hackers Break Into Nuclear Lab Data, Want Catgirls . July 11, 2024 . . November 24, 2023 . en-AU . July 11, 2024 . https://web.archive.org/web/20240711170418/https://www.kotaku.com.au/2023/11/gay-furry-hackers-break-into-nuclear-lab-data-want-catgirls/ . live .
- News: Vicens . A. J. . Hacktivists release two gigabytes of Heritage Foundation data . July 10, 2024 . CyberScoop . July 9, 2024 . July 10, 2024 . https://web.archive.org/web/20240710001803/https://cyberscoop.com/hackvists-release-two-gigabytes-of-heritage-foundation-data/ . live .
- News: Cahill . Sebastian . Gay furry hackers are targeting US states for passing anti-trans legislation . July 10, 2024 . . July 14, 2023 . July 10, 2024 . https://web.archive.org/web/20240710204930/https://www.businessinsider.com/gay-furry-hackers-transphobic-hacking-spree-siegedsec-state-governments-texas-2023-7 . live .
- News: Musgrave . Shawn . "Gay Furry Hackers" Claim Credit for Hacking Heritage Foundation Over Project 2025 . July 10, 2024 . . July 9, 2024 . July 9, 2024 . https://web.archive.org/web/20240709224355/https://theintercept.com/2024/07/09/gay-furry-hackers-claim-credit-for-hacking-heritage-foundation-over-project-2025/ . live .
- News: Hansford . Amelia . 'Gay furry hackers' steal 200GB of data in huge anti-Project 2025 cyber attack . July 10, 2024 . . July 10, 2024 . July 12, 2024 . https://web.archive.org/web/20240712200031/https://www.thepinknews.com/2024/07/10/gay-furry-hackers-project-2025/ . live .
- News: Liu . Nicholas . "Gay furry hackers" claim credit for Heritage Foundation cyberattack . July 10, 2024 . . July 10, 2024 . en . July 10, 2024 . https://web.archive.org/web/20240710193304/https://www.salon.com/2024/07/10/gay-furry-hackers-claim-credit-for-heritage-foundation-cyberattack/ . live .
- News: Factora . James . Gay Furry Hacker Group SiegedSec Breached a Far-Right Media Outlet and Wreaked Havoc . July 10, 2024 . . April 19, 2024 . July 10, 2024 . https://web.archive.org/web/20240710190049/https://www.them.us/story/gay-furry-hacker-group-siegedsec-breach-far-right-media-outlet . live .
- News: Wilson . Jason . 'Gay furries' group hacks agencies in US states attacking gender-affirming care . July 10, 2024 . . June 29, 2023 . July 26, 2024 . https://web.archive.org/web/20240726154108/https://www.theguardian.com/us-news/2023/jun/29/siegedsec-gay-furries-group-hacked-information-six-us-states . live .
- Web site: Abrams . Lawrence . 2023-02-16 . Atlassian data leak caused by stolen employee credentials . 2024-05-09 . Bleeping Computer . en-US . 2024-05-09 . https://web.archive.org/web/20240509183225/https://www.bleepingcomputer.com/news/security/atlassian-data-leak-caused-by-stolen-employee-credentials/ . live .
- Web site: Thalen . Mikael . 2024-04-01 . Furry hackers spend stolen church funds on inflatable sea lions after pastor calls out Biden . 2024-06-18 . The Daily Dot . en-US . 2024-07-17 . https://web.archive.org/web/20240717213152/https://www.dailydot.com/debug/sieged-sec-furry-hackers-church-hack/ . live .
- Web site: Greig . Jonathan . 2024-04-16 . NATO 'actively addressing' alleged cyberattack affecting some websites . 2024-05-09 . The Record . en-US . 2024-05-09 . https://web.archive.org/web/20240509183234/https://therecord.media/nato-siegedsec-unclassified-websites-alleged-cyberattack . live .
- News: Lyons . Jessica . 'Gay furry hackers' brag of second NATO break-in, steal and leak more data . July 11, 2024 . . October 4, 2023 . July 11, 2024 . https://web.archive.org/web/20240711171813/https://www.theregister.com/2023/10/04/nato_data_attack/ . live .
- News: Vicens . A. J. . NATO investigating breach, leak of internal documents . July 11, 2024 . CyberScoop . October 3, 2023 . July 11, 2024 . https://web.archive.org/web/20240711013618/https://cyberscoop.com/nato-siegedsec-breac/ . live .
- News: Alleged SiegedSec attack against NATO under investigation . July 11, 2024 . . October 4, 2023 . en . July 11, 2024 . https://web.archive.org/web/20240711171813/https://www.scmagazine.com/brief/alleged-siegedsec-attack-against-nato-under-investigation . live .
- Web site: Thalen . Mikael . 2023-10-30 . NATO 'actively addressing' alleged cyberattack affecting some websites . 2024-05-09 . The Daily Dot . en-US . 2024-05-09 . https://web.archive.org/web/20240509183224/https://www.dailydot.com/debug/seigedsec-israel-bezeq-hack-50k-customers/ . live .
- News: Hart . Kaitlyn . Idaho National Laboratory experiences massive data breach; employee information leaked online . July 11, 2024 . . November 20, 2023 . July 11, 2024 . https://web.archive.org/web/20240711171034/https://www.eastidahonews.com/2023/11/idaho-national-laboratory-experiences-massive-data-breach-employee-information-leaked-online/ . live .
- Web site: Data Breach Resources . 2024-05-09 . 2024-05-09 . https://web.archive.org/web/20240509174208/https://inl.gov/data-breach/ . live .
- Web site: Heritage Foundation denies SiegedSec hack. scmagazine.com. July 12, 2024. July 25, 2024. July 17, 2024. https://web.archive.org/web/20240717005124/https://www.scmagazine.com/brief/heritage-foundation-denies-siegedsec-hack. live.
- News: Heritage Foundation insists it was not hacked by 'gay furries'. The Verge. Del Valle. Gaby. July 11, 2024. July 25, 2024. July 26, 2024. https://web.archive.org/web/20240726080350/https://www.theverge.com/2024/7/11/24196554/siegedsec-heritage-foundation-project-2025-hack-gay-furry. live.
- News: Musgrave . Shawn . "Gay Furry Hackers" Feud With Heritage Foundation Exec . July 11, 2024 . . July 10, 2024 . July 11, 2024 . https://web.archive.org/web/20240711170039/https://theintercept.com/2024/07/10/gay-furry-hackers-feud-with-heritage-foundation-exec-over-hack/ . live .
- News: Greig . Jonathan . Federal agencies investigating data breach at nuclear research lab . July 10, 2024 . . November 22, 2023.