Skip to main content

Operator dossier

Siegedsec is a ransomware operator no longer publishing new disclosures. Darkfield has indexed 19 public victims claimed by this operator between December 8, 2023 and December 9, 2023. SiegedSec is a relatively new threat actor that emerged in December 2023, primarily motivated by hacktivism with a strong focus on anti-Israeli sentiment rather than traditional financial gain through ransomware operations. The group appears to operate independently with suspected ideological motivations tied to pro-Palestinian activism, though their exact geographic origin remains unclear based on publicly available intelligence. Unlike traditional ransomware groups, SiegedSec appears to focus on data theft and public exposure of sensitive information rather than encryption-based extortion, primarily targeting Israeli government entities through opportunistic attacks that exploit web application vulnerabilities and exposed credentials. The group has maintained a relatively low profile with 19 documented victims, almost exclusively targeting Israeli government infrastructure in what appears to be coordinated ideological attacks rather than broad financial campaigns. Based on available reporting, SiegedSec remains active as of late 2023 and early 2024, continuing their focused campaign against Israeli targets through data exfiltration and public disclosure operations.

Most-targeted sectors

Most-affected countries

How we know this. Operator profiles on Darkfield are built from continuous monitoring of every leak site the group is known to operate, cross-correlated with community-curated feeds (RansomLook, ransomware.live, RansomWatch, MISP-galaxy). Status flips from active to inactive when no new disclosure appears for 60 days. MITRE ATT&CK mappings shown in the interactive section below are sourced from CISA, vendor analysis, and the MITRE community catalog — we attribute each technique back to its source. Aliases reflect operator re-brands and affiliate splits.

Inactive ransomware operator

All groups

Siegedsec

19 victims indexed · first seen 3 years ago · last activity 3 years ago

19
Victims indexed
#163 of 364 tracked operators
<1m
Active period
Dec 2023 → Dec 2023
1
Countries hit
top Israel · 1

At a glance

Status
inactive
First seen
3 years ago
Last activity
3 years ago
Onion sites
1 known endpoint
Primary sector
Government · 2 hits

About

SiegedSec is a relatively new threat actor that emerged in December 2023, primarily motivated by hacktivism with a strong focus on anti-Israeli sentiment rather than traditional financial gain through ransomware operations. The group appears to operate independently with suspected ideological motivations tied to pro-Palestinian activism, though their exact geographic origin remains unclear based on publicly available intelligence. Unlike traditional ransomware groups, SiegedSec appears to focus on data theft and public exposure of sensitive information rather than encryption-based extortion, primarily targeting Israeli government entities through opportunistic attacks that exploit web application vulnerabilities and exposed credentials. The group has maintained a relatively low profile with 19 documented victims, almost exclusively targeting Israeli government infrastructure in what appears to be coordinated ideological attacks rather than broad financial campaigns. Based on available reporting, SiegedSec remains active as of late 2023 and early 2024, continuing their focused campaign against Israeli targets through data exfiltration and public disclosure operations.

References

1 link

External sources curated by the MISP threat-intel community.

Timeline

1 months
2023-12-01T00:00:00+00:00 · 19
2023-12-01T00:00:00+00:002023-12-01T00:00:00+00:00

Top countries

🇮🇱 Israel
1

Top sectors

Government
2

MITRE ATT&CK

5 techniques · 4 tactics

Tactics

Initial AccessExecutionDefense EvasionImpact

Techniques

  • T1190Exploit Public-Facing Application
  • T1566Phishing
  • T1059Command and Scripting Interpreter
  • T1027Obfuscated Files or Information
  • T1486Data Encrypted for Impact

Recent victims

Loading…

Onion infrastructure

1 known
  • http://nv5p2mmpctvyqdyyi5zwh4gnifq2uxdx4etvnmaheqlrw6ordrjwxryd.onion

Source

Updated 3 years ago

Data on this page is sourced from the group's own leak posts, cross-checked with public ransomware trackers (RansomLook, ransomware.live, RansomWatch), MITRE ATT&CK, and our own Tor and Telegram crawlers. This is a public observatory page — share freely.

Get alerted the next time Siegedsec posts a victim.

Add Siegedsec to your watchlist — Pro pings you within 5 minutes of any new Siegedsec leak-site post, Telegram callout, or affiliate-rebrand inference.