On June 25, a group of hackers known as SiegedSec posted between seven and eight gigabytes of illegally obtained data online, saying they obtained the data by compromising government servers in Kentucky and Arkansas.
The group says it is now targeting pro-life states after the U.S. Supreme Court released an opinion last week overturning Roe v Wade.
“Like many, we are also pro-choice, one shouldn’t be denied access to abortion,” the group wrote in a Telegram post, adding that, “As added pressure to the U.S. government, we have leaked many internal documents and files retrieved from Kentucky’s and Arkansas’ government server. These docs have plenty of employee PII [personally identifiable information] and lots more.”
The group has promised that “the attacks will continue,” and says that their main targets are any pro-life entities, “including government servers of the states with anti-abortion laws.”
Immediately following the release of the Supreme Court opinion last week, Arkansas implemented strict abortion laws, criminalizing the practice in all cases excluding when the mother’s life is at risk. In Arkansas, there is no exception for cases of rape or incest, and doctors who do not comply with the law face a fine of up to $100,000 and/or 10 years in prison.
Kentucky has implemented similar laws. Abortions are now banned in the state in all cases including rape and incest, with the only exception being when the mother’s life is at risk.
Who is SiegedSec?
According to DarkOwl, a company that claims to be the world’s leading provider of darknet data, SiegedSec is a relatively new group of hackers that DarkOwl considers a “darknet threat actor.”
The hacking group is believed to have been formed in late February 2022, and is responsible for defacing at least 11 websites “with rather juvenile and crude language and graphics including defacements.”
SiegedSec claims that it has successfully defaced over 100 domains, and DarkOwl analysts say they have discovered several thousand compromised LinkedIn profiles with references to the hacking group.
DarkOwl claims there is evidence that the hacking group has gained access to sensitive information from at least 30 different companies since it formed in February; however, none of the companies targeted has released a notice of any cybersecurity incident.
Many of the companies are small enterprises across a number of industry sectors including healthcare, information technology, insurance, legal, and finance.
The companies targeted are located across the globe, including India, Pakistan, Indonesia, South Africa, the U.S., Philippines, Costa Rica, and Mexico, among others.
In April of this year, the group’s spokesperson, who goes by the moniker “YourAnonWolf,” surfaced on a popular discussion forum (Breached Forums) where s/he leaked databases, documents and emails containing 17 different organizations’ data including usernames, email addresses and hashed passwords.
Members identify as ‘gay furries’
According to DarkOwl, “The group’s Telegram channel and social media accounts include posts from members that identify as ‘gay furries.’”
The group uses common phrases associated with online furry subculture, including “uwu gay furries pwn you,” and “TEH LULZ CONTINUES!” They also use the letters “$ UWU,” which imitate a Linux terminal prompt. The letters “UWU” are believed to stand for “overwhelmed with cuteness,” DarkOwl reported.
The online furry subculture anthropomorphizes animals with human personalities.
To date, the group’s activities appear to be limited to stealing data and defacing websites. There is no indication that the group launches ransomware attacks or that they have attempted to sell illegally obtained data.
“According to the themes of their social media posts, and the ‘furry-centric’ brand they’ve embodied, the group appears to be motivated by the sheer fun of the experience,” DarkOwl reported.
DarkOwl warns that although the group is currently “a fairly small operation flying under the radar,” the data the company has been able to obtain on the group indicates that “there are advanced cyber hacktivists involved in the group’s operations.”
There are similarities between SiegedSec and other blackhat hacking groups such as LulzSec and LAPSUS$. SiegedSec’s spokesperson, YourAnonWolf, uses hacking-culture phrases similar to those used by LulzSec member Topiary.
“DarkOwl assesses that SiegedSec has the potential to evolve into a high-consequential cyber threat, especially if the group starts demanding extortion payments in conjunction with their attacks,” DarkOwl reported.