On average, the number of weekly cyber attacks was up 8% globally in 2023, with experts pointing to artificial intelligence (AI), organized ransomware groups and hacktivism as key drivers. Though hacktivism campaigns tend to be less damaging and less durable than other cyber threats, they are easy to ramp up and thus usually start within hours of a political or social conflict. In the first quarter of 2023, this type of hacking activity accounted for 35% of cyber attacks.

The cyber threat group SiegedSec gained momentum during Russia’s invasion of Ukraine and has since been involved in a number of high-publicity breaches. In addition to defacing websites, SiegedSec has compromised industrial control systems (ICS) and exfiltrated sensitive information and databases from both government and private sector organizations.

SiegedSec hacktivist activity at a glance

SiegedSec’s primary mode of attack is through SQL injection and cross-site scripting (XSS). Subsequent to an attack, SiegedSec posts almost exclusively on its Telegram channel—a source not often sufficiently covered by threat intelligence providers—to tout the successful compromise of its victims. This can not only leave a company and potentially its customers vulnerable, but could have rippling effects on brand reputation and overall business health.


Notable SiegedSec Attacks

  • June 23, 2023 across Fort Worth, Texas city government: 150GB of data extracted and posted publicly
  • February 15, 2023 at Atlassian: Employee records exfiltrated and published
  • November 20, 2023 at Idaho National Laboratory: Personal data of employees at U.S. national security lab released online
  • April 16, 2023 at multinational energy company: Employees’ personal data and internal corporate data exposed

Multinational energy company data breach detected

On April 16, 2023, SiegedSec published data exfiltrated from a multinational energy company and claimed to have access to the company’s administration panel. The breach exposed employees’ personal data, such as email addresses, names, departments and even vehicle information. Internal corporate data was also uploaded to an anonymous file sharing portal.

The energy company, which was not a Dataminr customer at the time, was unaware of the breach until it was notified by another company. As that company is a Dataminr customer, it received an alert about the breach 10-15 minutes after it occurred.

Recognizing its significance, it notified the energy company, allowing it to swiftly take action. The energy company put its incident response team immediately to work to determine the extent of the breach, mitigate the impact, patch vulnerabilities and harden its network.

  • 10-15 minutes after the breach occurred, Dataminr Pulse for Cyber Risk issued a real-time alert
  • 1 day after the breach, other threat intelligence providers alerted on the breach; some did not alert at all
  • 1 new customer was secured after finding value in Dataminr’s real-time cyber intelligence

Real-time alerting tools such as Dataminr Pulse for Cyber Risk provide a wide breadth of coverage. Pulse detects risks from more than 1 million unique data sources, including social media, Telegram channels and leak sites, eliminating potential blind spots and increasing situational awareness.


March 12, 2024
