Several US states investigating ‘SiegedSec’ hacking campaign

Officials in multiple states are investigating claims by a suspected politically motivated hacking group that websites connected to local governments were breached or defaced.

This week, the SiegedSec group took to Telegram to claim cyberattacks on five state-run websites:

• Nebraska Supreme Court intranet
• South Dakota Boards and Commissions
• Texas State BHEC Personal Information
• Pennsylvania Provider Self-Service
• South Carolina Criminal Justice Information Services (CJIS)

The group shared photos of the websites being defaced, as well as allegedly stolen data. No motive for the attacks was listed in the post but in previous attacks on government bodies in Texas, Kentucky and Arkansas, the group explicitly referenced political issues that prompted their attacks.

While the hackers claimed to launch their previous attacks because of state-level bans on abortion and gender affirming care, some experts have urged people to be wary of any stated reasoning due to a general lack of information about who is running the SiegedSec accounts.

Corey Steel, state court administrator for the Nebraska Judicial Branch, told Recorded Future News that the Administrative Office of Courts and Probation (AOCP) was informed of the attack on their intranet system on Wednesday.

“The AOCP immediately began reviewing logs of the intranet to determine the nature and scope of the attack. Through the course of the investigation, a screenshot of our intranet site was found and posted by the group claiming the attack,” Steel said.

“The Nebraska Judicial Branch intranet was targeted along with governmental entities in other states. There was no compromise of sensitive data related to court cases or personally identifiable information.”

Steel added that they are still investigating the incident to “assess the breach’s extent, identify vulnerabilities, and strengthen” their security posture. Safeguards and enhancements are being implemented in light of the attack, he said.

South Dakota Bureau of Information and Telecommunications representative Dan Hoblick said no sensitive information was compromised in the attack on the South Dakota Boards and Commissions.

The website is a centralized portal where anyone can get information on industry-specific boards or commissions like the South Dakota Board of Technical Professions, the South Dakota Banking Commission, the South Dakota Real Estate Commission and more.

“One state website was compromised and defaced. Since this website is public facing, no sensitive information was compromised,” Hoblick explained.

The incident in Texas – the second this week by SiegedSec actors after their attack on the government of Fort Worth – centered on the Texas Behavioral Health Executive Council.

The council plays a central role in the regulation of behavioral health services and social work practice in Texas.

Darrel Spinks, executive director of the organization, said he notified his IT staff and the Texas Department of Information Resources (DIR) about the incident after receiving inquiries about the incident from Recorded Future News.

“Based on the information and response provided by IT staff and DIR, the Texas Behavioral Health Executive Council (BHEC) has not been hacked,” he claimed, declining to answer several more questions.

Pennsylvania’s Provider Self-Service website, housed within the Pennsylvania Department of Human Services, is a platform for people and companies involved in the state’s childcare industry.

Several officials from the Pennsylvania Office of Administration and governor’s office declined to comment on the attack affecting the website, only writing that they are “looking into the claim.”

The South Carolina Attorney General’s Office said it does not control the South Carolina Criminal Justice Information Services (CJIS) website – which was listed by SiegedSec.

A representative for the office directed Recorded Future News to the South Carolina Law Enforcement Division, which did not respond to requests for comment on the hack.

The South Carolina Law Enforcement Division is a criminal justice information repository that involves the “collecting, processing, storing and disseminating crime data and criminal identification and record information.”

SiegedSec said it stole data from the websites in Texas, Pennsylvania, Nebraska and South Carolina. The attacks on South Dakota and Pennsylvania also involved website defacement.

Data leak researcher Nick Ascoli has been tracking SiegedSec for months and said they group just wrapped up an aggressive offensive campaign called #OpColombia against the Colombian government.

“SiegedSecs missions thus far have involved leaking stolen data and defacing the resources of its targets. Its most notable targets before this campaign have been a variety of commercial and government organizations in Russia, which Sieged claims to have knocked offline, along with a variety of smaller campaigns targeting South American governments, software companies, and healthcare providers,” he said.

“Due to the hacktivist nature of SiegedSec’s operations, they do not have a financial motive behind these attacks and are not asking for money from their victims. When communicating with victims, the leader of SiegedSec, YourAnonWolf, cites ‘fun’ or ‘lulz’ as a primary motivator.”

When contacted by The Guardian this week, YourAnonWolf said SiegedSec “is a small tight-knit group, aside from that, I’d prefer not to give much about our group away.”