Threat Actor Characterization
SiegedSec
ID: fdb5014ef144797b626949b3c253102782783
MITRE ATT&CK®
SiegedSec was a 2022–2024 hacktivist collective that publicized politically motivated data leaks against U.S. state agencies, claimed access to NATO unclassified websites, and published Idaho National Laboratory HR data following a third-party (Oracle HCM) compromise.
| Technique | Technique name | Tactics | Evidence |
|---|---|---|---|
| T1199 | Trusted Relationship | TA0001 | |
| T1190 | Exploit Public-Facing Application | TA0001 | |
| T1078 | Valid Accounts | TA0001, TA0003, TA0004, TA0005 | |
| T1110 | Brute Force | TA0006 | |
| T1565.002 | Transmitted Data Manipulation | TA0040 | |
CLASSIFICATION: Unclassified / Open Source
Executive Summary
SiegedSec was a politically oriented hacktivist collective active from 2022 until its announced disbandment in 2024-07 after leaking internal data from the Heritage Foundation (linked to “Project 2025”) and citing FBI scrutiny and publicity stress as reasons for dissolving. Public reporting documents campaigns against U.S. state agencies (protesting abortion restrictions or gender-affirming care bans), claims against NATO’s unclassified web systems, and the leak of personal data from the Idaho National Laboratory (INL) following a third-party HR system compromise. The group used public Telegram channels to claim operations, release multi-gigabyte data dumps, and promote a blend of ideological messaging and “for the lulz” theatrics. Overall confidence in these core facts is high based on contemporaneous reporting and institutional statements.
- Industries/Sectors: State and local government; research (national laboratory HR data); intergovernmental organizations (NATO); media/advocacy organizations (e.g., Heritage Foundation).
- Geography (Region): Primarily United States; also Europe (NATO) and global targets of convenience named in claims.
- Countries (if available): United States; multinational NATO context.
- Timeframe: 2022–2024 (formation in early 2022; active through mid-2024; disbandment announced 2024-07-10).