
Threat Actor Characterization

SiegedSec


ID: fdb5014ef144797b626949b3c253102782783
Hacktivist Group Collective Data Leak Channel Defacement Crew Hacktivism
Threat types: Intrusion, Defacement, Malware, Ransomware
Unknown BEL, CHN, COL, IND, ITA, MEX, RUS, TWN, USA
Updated: 2026-01-13
Created: 2025-10-23
Progress: 57% Completeness: 60% Freshness: 50%
Operation zone: Belgium, China, Colombia, India, Italy, Mexico, Russia, Taiwan, United States
Aliases: No aliases registered.
MITRE ATT&CK®

SiegedSec was a 2022–2024 hacktivist collective that publicized politically motivated data leaks against U.S. state agencies, claimed access to NATO unclassified websites, and published Idaho National Laboratory HR data following a third-party (Oracle HCM) compromise.


| Technique | Technique name | Tactics | Evidence |
|---|---|---|---|
| T1199 | Trusted Relationship | TA0001 | 2023-11-20 — INL stated stolen HR data originated from the external Oracle HCM platform used by the lab’s contractor. |
| T1190 | Exploit Public-Facing Application | TA0001 | 2023-10-03 — NATO said it was investigating claims that data was stolen from unclassified websites under its control after SiegedSec’s breach claim. |
| T1078 | Valid Accounts | TA0001, TA0003, TA0004, TA0005 | 2023-07-03 — Group claimed to delete accounts in an industry portal (ITC Global), implying use of valid portal credentials to administer/alter accounts. |
| T1110 | Brute Force | TA0006 | 2023-07-03 — Reporting highlighted externally reachable devices (e.g., Trimble NetR9) with factory default credentials that the group said it abused. |
| T1565.002 | Transmitted Data Manipulation | TA0040 | 2023-06-28 — The group routinely released large data dumps (e.g., 40 GB from Fort Worth; 180 GB claim) via public links announced on Telegram. |

Strategic Intelligence
Last updated: 2025-10-23T16:46:02+00:00
SIEGEDSEC — Politically-motivated data leaks and opportunistic hacks (2022–2024)

CLASSIFICATION: Unclassified / Open Source


Executive Summary

SiegedSec was a politically oriented hacktivist collective active from 2022 until its announced disbandment in 2024-07 after leaking internal data from the Heritage Foundation (linked to “Project 2025”) and citing FBI scrutiny and publicity stress as reasons for dissolving. Public reporting documents campaigns against U.S. state agencies (protesting abortion restrictions or gender-affirming care bans), claims against NATO’s unclassified web systems, and the leak of personal data from the Idaho National Laboratory (INL) following a third-party HR system compromise. The group used public Telegram channels to claim operations, release multi-gigabyte data dumps, and promote a blend of ideological messaging and “for the lulz” theatrics. Overall confidence in these core facts is high based on contemporaneous reporting and institutional statements.


  • Industries/Sectors: State and local government; research (national laboratory HR data); intergovernmental organizations (NATO); media/advocacy organizations (e.g., Heritage Foundation).
  • Geography (Region): Primarily United States; also Europe (NATO) and global targets of convenience named in claims.
  • Countries (if available): United States; multinational NATO context.
  • Timeframe: 2022–2024 (formation in early 2022; active through mid-2024; disbandment announced 2024-07-10).
Social Media & Communication

| Address | Verification | SOCMINT |
|---|---|---|
| t.me/Sie******* | Restricted | Not integrated |
| t.me/Sie****** | Restricted | Not integrated |
| t.me/Sie*********** | Restricted | Not integrated |
| si*******@tuta.io | Restricted | Not integrated |

Notes: preview mode hides sensitive social/contact details.