Hacktivists involved in Project 25 think tank breach disband
Threat group SiegedSec, which earlier this week took responsibility for hacking a think tank closely associated with the Republican Party, has announced that it is disbanding following a mass of publicity that has brought it to the attention of the FBI.
The self-proclaimed ‘gay furry’ hackers claimed to have infiltrated The Heritage Foundation – a US conservative think tank responsible for formulating the Republican Party’s so-called ‘policy wish list’, Project 25.
Chronologising the hack via Telegram and a stream of tech media interviews, the politically motivated hacker collective said that it had infiltrated the Washington DC-based think tank to oppose Project 25’s stance on transgender rights and had subsequently leaked two gigabytes of the foundation’s data.
The data is thought to have contained 72k unique email addresses, primarily used for commenting on articles (along with usernames, IP addresses, comments and stored passwords).
Additionally, the hacking group threatened to leak passwords, email addresses, and full names of every user, including US government employees and the Heritage president, Kevin Roberts.
The hacktivists later told media outlets that they had gained access to the data on July 2 and released it to provide “transparency to the public regarding who exactly is supporting Heritage”.
For its part, Heritage played down the hack – claiming that the two-year-old archive the group snagged had contained incomplete password information, and data that was limited to usernames, names, email addresses of both Heritage and non-Heritage contributors.
The attack was carried out as part of SiegedSec’s “OpTransRights” campaign, which has previously included the defacement of government websites and data theft from states either considering or implementing anti-abortion or anti-trans legislation.
However, today on Telegram the group announced its intention to quit cybercrime, largely for the wellbeing of members. It said: “We planned to disband later today or tomorrow but given the circumstances I believe it’s best we do so now. for our own mental health, the stress of mass publicity, and to avoid the eye of the FBI.”
Random or targeted?
Keen to weigh in, cyber security experts have advised that – regardless of ideological stance – organisations operating in this sector must swiftly determine whether such attacks are random or, in the case of Heritage, targeted.
Cybereason VP and global field CISO Greg Day said: “With numerous political elections happening worldwide, it’s no surprise that cyber attacks are increasingly targeting this sector.
“Understanding the motive behind the breach and the actions taken during it is crucial. The ability to respond appropriately and promptly determines the commercial impact of the incident.
“In the past, only a few highly skilled incident responders had this knowledge. However, as breaches have become more common, the industry has adapted to enable businesses to manage these situations themselves.”
Day claimed that this shift required a new perspective and more technology. “Instead of focusing on individual attack events, businesses need to consider the entire malicious operation.
“Historically, we’ve relied heavily on human analysis to piece together evidence, but today we should embrace data normalisation techniques to empower AI to detect adversaries amidst the overwhelming noise that most security teams face.”