Hacking crew targeting states over transition bans claims cyberattack hitting international satellite systems

A hacking crew with a history of mixing politics and criminal activities claimed on Saturday to have “targeted various satellite receivers and industrial control systems across the nation, notably in states banning gender affirming care.”
SiegedSec, a group that emerged publicly on Telegram on April 3, 2022, claimed that part of its most recent attack included “a scrumptious supply chain attack,” which allowed the group to “control” a number of companies’ “accounts used for monitoring satellite receivers, VSATs, VOIP services, and so on.” The companies include Halliburton, Shell, Helix Energy and Oceaneering, the group claimed.
SiegedSec has claimed a number of attacks on organizations, companies and states. Recently, it has taken aim at states where lawmakers have sought to ban or limit gender affirming care or ban and severely limit access to abortion. Last summer, for instance, the group — which describes its members as “gay furry hackers” — targeted state government agencies in Kentucky and Arkansas over those states’ changes to abortion access. The group has also targeted dozens of other companies around the world with more traditional hack and data theft operations.
The July 1 message also included links to download roughly 40 gigabytes of data stolen from the city of Fort Worth Transportation & Public Works. On June 28, SiegedSec posted what it said were roughly 500,000 files — roughly 180 gigabytes — that purportedly included work orders, employee lists, invoices, police reports, emails between City of Fort Worth employees, camera footage “and plenty, tons, tons extra~!”
SiegedSec seemingly hit a number of satellite receivers: the Trimble netR9 that usually comes with security disabled by default or default credentials. An online manual says that the default user and password are “admin” and “password,” respectively. A cursory look through Shodan.io, a database of publicly accessible IP addresses, shows around 1,374 that are online in the U.S. — though some are honeypots. These receivers are often used for accurate positioning and not communications, says Ron Fabela, chief technology officer at cybersecurity firm Xona.
Some of these receivers could be used in offshore oil rigs. A screenshot that was among the documents SiegedSec posted to Telegram over the weekend showed a map with points located just off Texas’ Gulf Coast, which has a major concentration of offshore oil and gas facilities. Additionally, Helix Energy provides services for the offshore energy industry.
Fabela said that so far any impact from possible SiegedSec activity appears to be limited to monitoring services, but he noted that offshore rigs have multiple positioning and telemetry methods. He noted that as SiegedSec appears only to have deleted the ITC Global portal accounts, that might be the limit of their access with these networks.
Marlink Group, which owns ITC Global, could not be reached for comment. A spokesperson for Shell said the company is looking into the claims. Halliburton, Helix Energy and Oceaneering did not respond to a request for comment.
“We targeted a company that supplies satellite-related and other devices called ITC Global,” the group said in response to questions sent by CyberScoop on Monday to an email address announcing the hack. “We have more going on with ITC Global aside from just deleting accounts, however I can’t go into specifics.”
Last week, the group announced a pair of attacks, one on June 23 and one on June 28.
“We have decided to make a message towards the U.S. government,” the June 23 message read. “Texas happens to be one of the largest states banning gender affirming care, and for that, we have made Texas our target. [F***] the government.”
The City of Fort Worth said in a June 24 statement that the data involved came from “an internal information system” called Vueworks that facilitates work orders for the Transportation and Public Works and Property Management departments. There was no indication that any other systems had been accessed, the city said.
A message posted to the group’s Telegram channel June 28 announced attacks on the Nebraska Supreme Court, the South Dakota Boards and Commissions website, the Texas State Behavioral Health Executive Council, the South Carolina Criminal Justice Information Services portal and the Pennsylvania Provider Self-Service website.
Agencies in each of the states were investigating the alleged hacks, The Record’s Jonathan Greig reported June 30. Texas, Nebraska and South Dakota have laws or policies banning gender affirming care, while South Carolina is considering a transition ban, according to the Human Rights Campaign.
The Pennsylvania attack gave the group access to more than 15,000 “child care records,” SiegedSec said, “however we will not be leaking any information due to… well its child care.”
“We didn’t intend to also target states that aren’t part of the push to ban gender affirming care, however one opportunity appeared with the Pennsylvania PSS hack, but that’s the only exclusion,” the email to CyberScoop read. “The targeted states were not opportunistic, we targeted them specifically for the gender affirming care issues.”
SiegedSec members “focus more on the message than the money,” the email read. “Although we mostly consider ourselves more blackhat than hacktivists. Money is not our main goal, most of the time we just want to have fun and destroy stuff.”