Threatsec

Threat Actor updated 6 months ago (2024-05-04T20:20:25.909Z)
Download STIX
Preview STIX
ThreatSec is a prominent threat actor, or hacking team, known for its malicious cyber activities. It's part of a larger network that includes other hacktivist groups such as GhostSec, Stormous, Blackforums, and SiegedSec, collectively referred to as the modern-day Five Families group. This coalition engages in a range of cybercriminal activities, including denial-of-service (DoS) attacks, ransomware attacks, and extensive hacking campaigns. The group also has connections with newer entities like KittenSec, which acknowledges its ties with ThreatSec and others. In November 2023, ThreatSec made headlines when it claimed to have gained full control over the IP routing for more than 5,000 servers in the Gaza region. This represented a significant escalation in the group's activities and demonstrated its advanced capabilities. Among the group's notable targets was Alfanet, an internet service provider based in the Gaza Strip. ThreatSec's attack on Alfanet resulted in the shutdown of literally every server owned by the ISP, thereby causing widespread disruption. The attack on Alfanet was independently verified by Doug Madory from monitoring firm Kentik, who confirmed the inaccessibility of Alfanet's services following ThreatSec's claim. Some services remained offline even after the initial report, underlining the severity and impact of the attack. While ThreatSec is known for its anti-oppression stance, its actions have significant consequences, often resulting in widespread service disruptions and potential security risks. As such, it remains a subject of intense focus within cybersecurity circles.
Description last updated: 2024-03-14T17:18:00.988Z
What's your take? (Question 1 of 3)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Siegedsec is a possible alias for Threatsec. SiegedSec, a threat actor or hacking group, has recently come under investigation by NATO due to their involvement in a series of cyber attacks. The group has claimed responsibility for these attacks, which have targeted multiple entities and have raised significant concerns about cybersecurity on a
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Denial of Se...
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Ghostsec Malware is associated with Threatsec. GhostSec is a malicious software (malware) that has been identified as a significant threat to computer systems and data security. This malware, designed to exploit and damage computer systems, infiltrates user devices through suspicious downloads, emails, or websites without the user's knowledge. OUnspecified
2
Source Document References
Information about the Threatsec Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
CERT-EU
8 months ago
CERT-EU
8 months ago
Securityaffairs
8 months ago
CERT-EU
8 months ago
CERT-EU
8 months ago
DARKReading
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago