On average, the number of weekly cyber attacks was up 8% globally in 2023 with experts pointing to artificial intelligence (AI), organized ransomware groups and hacktivism as key drivers. Though hacktivism campaigns tend to be less damaging and less durable than other cyber threats, they are easy to ramp up and thus usually start within hours of a political or social conflict. In the first quarter of 2023, this type of hacking activity accounted for 35% of cyber attacks.
The cyber threat group SiegedSec gained momentum during Russia’s invasion of Ukraine and has since been involved in a number of high-publicity breaches. In addition to defacing websites, SiegedSec has compromised industrial control systems (ICS) and exfiltrated sensitive information and databases from both government and private sector organizations.
SiegedSec hacktivist activity at a glance
SiegedSec’s primary mode of attack is through SQL injection and cross-site scripting (XSS). Subsequent to an attack, SiegedSec posts almost exclusively on its Telegram channel—a source not often sufficiently covered by threat intelligence providers—to tout the successful compromise of its victims. This can not only leave an organization and potentially its customers vulnerable, but could have rippling effects on its brand reputation and overall health.
Notable SiegedSec Attacks
- June 23, 2023 at the Fort Worth, Texas city government: 150GB of data exfiltrated and posted publicly
- February 15, 2023 at Atlassian: Employee records exfiltrated and published
- November 20, 2023 at Idaho National Laboratory: Personal data of employees at U.S. national security lab released online
- April 16, 2023 at a multinational energy organization: Employees’ personal data and internal corporate data exposed
Multinational energy entity data breach detected
On April 16, 2023, SiegedSec published data exfiltrated from a multinational energy entity and claimed to have access to the organization’s administration panel. The breach exposed employees’ personal data, such as email addresses, names, departments and even vehicle information. Internal corporate data was also uploaded to an anonymous file sharing portal.
The energy organization, which was not a Dataminr customer at the time, was unaware of the breach until it was notified by another organization. As that entity is a Dataminr customer, it received an alert about the breach 10-15 minutes after it occurred.
Recognizing the alert’s significance, that customer notified the energy company, allowing it to act swiftly. The energy organization immediately put its incident response team to work to determine the extent of the breach, mitigate the impact, patch vulnerabilities and harden its network.
- Dataminr Pulse for Cyber Risk issued a real-time alert within minutes of the breach occurring
- Other threat intelligence providers alerted on the breach only later, and some did not alert at all
- A new customer was secured after it found value in Dataminr’s real-time cyber intelligence
Real-time alerting tools such as Dataminr Pulse for Cyber Risk provide a wide breadth of coverage: it detects risks from more than 1 million unique data sources—including social media, Telegram channels and leak sites—eliminating potential blind spots and increasing situational awareness.