Operator dossier

Siegedsec is a ransomware operator no longer publishing new disclosures. Darkfield has indexed 19 public victims claimed by this operator between December 8, 2023 and December 9, 2023. SiegedSec is a relatively new threat actor that emerged in December 2023, primarily motivated by hacktivism with a strong focus on anti-Israeli sentiment rather than traditional financial gain through ransomware operations. The group appears to operate independently with suspected ideological motivations tied to pro-Palestinian activism, though their exact geographic origin remains unclear based on publicly available intelligence. Unlike traditional ransomware groups, SiegedSec appears to focus on data theft and public exposure of sensitive information rather than encryption-based extortion, primarily targeting Israeli government entities through opportunistic attacks that exploit web application vulnerabilities and exposed credentials. The group has maintained a relatively low profile with 19 documented victims, almost exclusively targeting Israeli government infrastructure in what appears to be coordinated ideological attacks rather than broad financial campaigns. Based on available reporting, SiegedSec remains active as of late 2023 and early 2024, continuing their focused campaign against Israeli targets through data exfiltration and public disclosure operations.

Most-targeted sectors

Government2 victims

Most-affected countries

Israel1 victims

How we know this. Operator profiles on Darkfield are built from continuous monitoring of every leak site the group is known to operate, cross-correlated with community-curated feeds (RansomLook, ransomware.live, RansomWatch, MISP-galaxy). Status flips from active to inactive when no new disclosure appears for 60 days. MITRE ATT&CK mappings shown in the interactive section below are sourced from CISA, vendor analysis, and the MITRE community catalog — we attribute each technique back to its source. Aliases reflect operator re-brands and affiliate splits.

Inactive ransomware operator

← All groups

Siegedsec

19 victims indexed · first seen 2 years ago · last activity 2 years ago

Victims indexed

#158 of 348 tracked operators

<1m

Active period

Dec 2023 → Dec 2023

Countries hit

top Israel · 1

At a glance

Status: inactive
First seen: 2 years ago
Last activity: 2 years ago
Onion sites: 1 known endpoint
Primary sector: Government · 2 hits

About

SiegedSec is a relatively new threat actor that emerged in December 2023, primarily motivated by hacktivism with a strong focus on anti-Israeli sentiment rather than traditional financial gain through ransomware operations. The group appears to operate independently with suspected ideological motivations tied to pro-Palestinian activism, though their exact geographic origin remains unclear based on publicly available intelligence. Unlike traditional ransomware groups, SiegedSec appears to focus on data theft and public exposure of sensitive information rather than encryption-based extortion, primarily targeting Israeli government entities through opportunistic attacks that exploit web application vulnerabilities and exposed credentials. The group has maintained a relatively low profile with 19 documented victims, almost exclusively targeting Israeli government infrastructure in what appears to be coordinated ideological attacks rather than broad financial campaigns. Based on available reporting, SiegedSec remains active as of late 2023 and early 2024, continuing their focused campaign against Israeli targets through data exfiltration and public disclosure operations.

References

1 link

External sources curated by the MISP threat-intel community.

ransomlook.io/group/siegedsec

Timeline

1 months

2023-12-01T00:00:00+00:002023-12-01T00:00:00+00:00

Top countries

🇮🇱 Israel

Israel dossier →

Top sectors

Government

Government dossier →

MITRE ATT&CK

5 techniques · 4 tactics

Tactics

Initial AccessExecutionDefense EvasionImpact

Techniques

T1190Exploit Public-Facing Application
T1566Phishing
T1059Command and Scripting Interpreter
T1027Obfuscated Files or Information
T1486Data Encrypted for Impact

Recent victims

Loading…

Onion infrastructure

1 known

http://nv5p2mmpctvyqdyyi5zwh4gnifq2uxdx4etvnmaheqlrw6ordrjwxryd.onion

Source

Updated 2 years ago

Data on this page is sourced from the group's own leak posts, cross-checked with public ransomware trackers (RansomLook, ransomware.live, RansomWatch), MITRE ATT&CK, and our own Tor and Telegram crawlers. This is a public observatory page — share freely.