Threatsec

Threat Actor updated 4 months ago (2024-05-04T20:20:25.909Z)
ThreatSec is a prominent threat actor, or hacking team, known for its malicious cyber activities. It's part of a larger network that includes other hacktivist groups such as GhostSec, Stormous, Blackforums, and SiegedSec, collectively referred to as the modern-day Five Families group. This coalition engages in a range of cybercriminal activities, including denial-of-service (DoS) attacks, ransomware attacks, and extensive hacking campaigns. The group also has connections with newer entities like KittenSec, which acknowledges its ties with ThreatSec and others.

In November 2023, ThreatSec made headlines when it claimed to have gained full control over the IP routing for more than 5,000 servers in the Gaza region. This represented a significant escalation in the group's activities and demonstrated its advanced capabilities. Among the group's notable targets was Alfanet, an internet service provider based in the Gaza Strip. ThreatSec's attack on Alfanet resulted in the shutdown of literally every server owned by the ISP, thereby causing widespread disruption. The attack on Alfanet was independently verified by Doug Madory from monitoring firm Kentik, who confirmed the inaccessibility of Alfanet's services following ThreatSec's claim. Some services remained offline even after the initial report, underlining the severity and impact of the attack.

While ThreatSec is known for its anti-oppression stance, its actions have significant consequences, often resulting in widespread service disruptions and potential security risks. As such, it remains a subject of intense focus within cybersecurity circles.
Description last updated: 2024-03-14T17:18:00.988Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Siegedsec | 2 | SiegedSec, a threat actor or hacking group, has recently come under investigation by NATO due to their involvement in a series of cyber attacks. The group has claimed responsibility for these attacks, which have targeted multiple entities and have raised significant concerns about cybersecurity on a
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Denial of Se...
Associated Malware
ID | Type | Votes | Profile Description
Ghostsec | Unspecified | 2 | GhostSec is a malicious software (malware) that has been identified as a significant threat to computer systems and data security. This malware, designed to exploit and damage computer systems, infiltrates user devices through suspicious downloads, emails, or websites without the user's knowledge. O
Source Document References
Information about the Threatsec Threat Actor was read from the documents corpus below.
Source | Created | Title
CERT-EU | 6 months ago | Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries
CERT-EU | 6 months ago | Operational Technology Threats - ReliaQuest
Securityaffairs | 6 months ago | Watch out, GhostSec and Stourmous groups jointly conducting ransomware attacks
CERT-EU | 6 months ago | Watch out, GhostSec and Stourmous groups jointly conducting ransomware attacks | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU | 6 months ago | GhostSec Evolves With Website Compromise Tools
DARKReading | a year ago | Hackers For Hire Hit Both Sides in Israel-Hamas Conflict
CERT-EU | a year ago | Activist Hackers Are Racing Into the Israel-Hamas War—for Both Sides
CERT-EU | a year ago | Activist Hackers Target Government Websites Amid Escalating Israel-Hamas War
CERT-EU | a year ago | The Israel–Hamas Conflict: Implications for the Cyber Threat Landscape - ReliaQuest
Securityaffairs | a year ago | Both pro-Israeli and pro-Palestinian hacktivists have joined the fight and are targeting SCADA and ICS systems.
CERT-EU | a year ago | A Growing Cyberwar in the Widening Israeli-Hamas Conflict
CERT-EU | a year ago | Hacktivism erupts in Middle East as Israel declares war
CERT-EU | a year ago | Organizations in NATO countries claimed to be compromised by hacktivist operation
CERT-EU | a year ago | Hacking group KittenSec claims to 'pwn anything we see' to expose corruption
CERT-EU | a year ago | Hacking group KittenSec claims to 'pwn anything we see' to expose corruption