The attacks hit in late June and impacted certain government entities in Nebraska, Pennsylvania, South Carolina, South Dakota and Texas. SiegedSec claimed it exfiltrated data from the government sites, while officials in Nebraska, South Dakota and Texas said sensitive information was unaffected, per SC Media.
The group’s public-sector attacks reportedly impacted websites for the Nebraska Supreme Court intranet; Pennsylvania Provider Self-Service; South Carolina Criminal Justice Information Services; South Dakota Boards and Commissions; the Texas state Behavioral Health Executive Council (BHEC); and a Fort Worth, Texas, website used to facilitate maintenance work orders.
Recently SiegedSec said it had also used a supply chain attack to target energy industry companies Halliburton, Helix Energy, Oceaneering and Shell, CyberScoop reports. This allowed the hackers to take control of accounts the companies used for “monitoring satellite receivers, VSATs, VoIP services, etc.,” SiegedSec said.
MOTIVES?
SiegedSec has said that most of its recent spate of public-sector attacks targeted governments that restrict or ban access to gender-affirming care. Per the Human Rights Campaign, Nebraska, Texas and South Dakota have policies or laws banning access to gender-affirming care for individuals under 18 years old, while South Carolina was considering a similar move. Texas and South Carolina have also looked to expand restrictions beyond youth, to prohibit access for people up to 26 years old.
SiegedSec said it breached a system used by the Fort Worth city government “to make a message towards the U.S. government,” and that “Texas happens to be one of the largest states banning gender-affirming care, and for that, we have made Texas our target,” per The Guardian.
Pennsylvania is an exception, and a SiegedSec spokesperson using the alias “youranonwolf” told The Guardian in written correspondence that, “The goal of that attack on the Pennsylvania DHS was to simply spread our message, and hopefully encourage others to do the same … We will refrain from targeting states allowing gender-affirming care, but with Pennsylvania we saw a good opportunity that would result in minimum damage.”
This isn’t the first time the group has voiced an ideological motivation, and Mandiant notes that SiegedSec had targeted U.S. entities in July 2022 to protest abortion restrictions.
Still, some observers suggest there are too many unknowns to confidently ascribe a motive to SiegedSec’s activities: “While the hackers claimed to launch their previous attacks because of state-level bans on abortion and gender-affirming care, some experts have urged people to be wary of any stated reasoning due to a general lack of information about who is running the SiegedSec accounts,” wrote Recorded Future News.
IMPACT
On June 23, Fort Worth discovered a data breach and learned that hackers had posted data from an internal city information system used in handling work orders for the Transportation and Public Works and Property Management departments. The city said in a June 26 update that, by that point, “there is no lingering unauthorized access to city of Fort Worth computer systems” and “there remains no indication that sensitive data was released.”
Nebraska judicial branch State Court Administrator Corey Steel told Recorded Future News the Administrative Office of the Courts and Probation’s intranet system was hit. As of the June 30 conversation, investigations were ongoing to determine the full scope of the breach and identify vulnerabilities, but Steel said, “there was no compromise of sensitive data related to court cases or personally identifiable information.”
Similarly, the cyber attack on the South Dakota Boards and Commissions did not compromise sensitive information, a representative of the state’s Bureau of Information and Telecommunications told the outlet.
“One state website was compromised and defaced. Since this website is public facing, no sensitive information was compromised,” said the representative, Dan Hoblick.