SiegedSec

SiegedSec, short for Sieged Security and commonly self-described as the "Gay Furry Hackers", was a black-hat criminal hacktivist group/extremist group, that was formed in early 2022, that committed a number of high profile cyber attacks, including attacks on NATO, Idaho National Laboratory, and Real America's Voice. On July 10, 2024, after attacking The Heritage Foundation, the group announced that they would be disbanding in an effort to avoid closer scrutiny.

Description

SiegedSec was led by an individual under the alias "vio". Short for "Sieged Security", SiegedSec's Telegram channel was first created in April 2022, and they commonly referred to themselves as " gay furry hackers". SiegedSec has targeted a wide variety of organisations, ranging from intergovernmental organisations like NATO and federal research facilities like the Idaho National Laboratory to right-wing movements like The Heritage Foundation and Real America's Voice, and various U.S. states that have pursued legislative decisions against gender-affirming care.

Research Papers Referencing Siegedsec

United Nations Office of Counter-Terrorism

in mid 2024 a paper released by the United Nations Office of Counter-Terrorism referenced Siegedsec along with GhostSec and Anonymous Sudan stating:

''"Such individuals and groups, or ‘collectives’, are often branded as ‘hacktivists’ and seek to utilize cyber-attacks to advance their political, religious, or social beliefs, targeting entities perceived as adversaries or aligned with opposing belief systems. The technical capabilities of these malicious actors can vary but their fluidity enables calls to action for cybercriminals across the cyber skillset in support of diverse causes. Leading examples of these types of groups would be Anonymous – the decentralized hacktivist collective – as well as GhostSec, ThreatSec, SiegedSec, Killnet, and Anonymous Sudan, to name but a few. Notably, these groups claim to have targeted critical infrastructure, including hospitals and utility systems, and express the explicit intent to maximize societal impact, inflicting extensive damage, with clear disregard for harm to innocent individuals."''

Notable attacks

Atlassian

* On February 14, 2023, major Australian software provider Atlassian had its data leaked on the internet by SiegedSec, which used stolen employee credentials. 13,000 employee records were affected in this hack, and SiegedSec was also able to obtain floorplans for Atlassian offices.

#OpTransRights movements

* In June 2023, SiegedSec targeted several United States government entities to protest anti–gender-affirming-care bills. The hackers released a variety of data including data from the city of Fort Worth, Texas, the Nebraska Supreme Court, and South Carolina police files.
* In April and May 2024, SiegedSec began their second trans rights operation, #OpTransRights2. The hackers successfully targeted and leaked data from Real America's Voice and River Valley Church.

University of Connecticut

* In July 2023, SiegedSec sent a series of spoof emails to undergraduate University of Connecticut students using LISTSERV, falsely announcing the "Unfortunate Passing of Radenka Maric". During an interview with the ''Hartford Courant'', "vio" claimed responsibility for the incident, explained the vulnerability which allowed for them to perform the hack, and said that they "did it for the lulz".

NATO

* In 2023, NATO portals were compromised twice by SiegedSec. The leak totalled over 3000 internal documents. The portals compromised were Joint Advanced Distributed Learning, NATO Lessons Learned Portal, Logistics Network Portal, Communities of Interest Cooperation Portal, NATO Investment Division Portal, and NATO Standardization Office. Shortly after the incident, NATO announced that they would be investigating the attack.

Bezeq

* On October 30, 2023, SiegedSec attacked Bezeq, one of the largest Israeli telecommunication providers. The hackers released information on nearly 50,000 customers.

Idaho National Laboratory

* In November 2023, Idaho National Laboratory's Oracle HR system was compromised leading to the leaking of personal employee data, with the group demanding that the laboratory put research into "creating real-life catgirls" in exchange for the data to be removed. On February 7, 2024, a number of employees received ransom payment requests in the mail with their data.

The Heritage Foundation

* In July 2024, SiegedSec announced that they had breached and leaked data from conservative think tank The Heritage Foundation, which has led the Project 2025 proposals. They released a statement on Telegram, calling the proposals "an authoritarian Christian nationalist plan to reform the United States government." A Heritage spokesperson dismissed the attacks as "a false narrative and an exaggeration", stating that all databases, systems and websites remained secure. The hacking group released chatlogs of a conversation on Signal between "vio" and Heritage Foundation executive Mike Howell, in which Howell stated that he, in collaboration with the FBI, was "in the process of identifying and outting members of your group."

Collaborations

Anonymous Sudan

* On November 8th 2023, SiegedSec collaborated with Anonymous Sudan with a claimed breach of Israeli telecommunications company Cellcom in an operation against Israel during the Gaza–Israel conflict.
* On November 14th 2023, SiegedSec and Anonymous Sudan posted a claimed attack of critical infrastructure (Including BACnet and Global navigation satellite system devices) within Israel, in the same operation against Israel.

Five Families

* In August 2023, an alliance of hacking groups was founded, consisting of SiegedSec, Ghost Security, BlackForums, ThreatSec, and Stormous Ransomware. This alliance went on to claim multiple breaches until eventual inactivity.

ByteMeCrew

* In December 2023, SiegedSec announced a partnership with hacktivist group ByteMeCrew, claiming a breach against Stalkerware app TheTruthSpy. The two groups worked with Maia arson crimew to report on the breach as part of an ongoing effort against stalkerware. SiegedSec and ByteMeCrew continued claiming breaches until ByteMeCrew's disbandment.

KittenSec

* SiegedSec collaborated with hacktivist group KittenSec, sharing both "lulz" and anti-NATO motives during attacks on Romania, Greece, France, Chile, Panama, and Italy.

Disbandment

After releasing the Heritage Foundation chatlogs, SiegedSec announced that they would be disbanding "for our own mental health, the stress of mass publicity, and to avoid the eye of the FBI."

Investigations

Idaho National Laboratory

* Following the Idaho National Laboratory attack, it was announced that the FBI as well as the Cybersecurity and Infrastructure Security Agency had been contacted to help investigate the incident.

NATO

* After a claimed hack, NATO announced it was investigating claims of a databreach on its infrastructure. A NATO official claimed no impact on missions, operations, or military deployments, yet additional cyber security measures were taken to improve security.

Cooperation with law enforcement (Kittyhawk/LeahKemp)

In April 2025, former SiegedSec member "Kittyhawk," later identified as Leah Kemp, publicly disclosed that she had cooperated with law enforcement in relation to the group's activities. According to a statement posted on her personal website, Kemp began assisting authorities in early March 2024 and continued until July 2024, shortly before the group disbanded.

Kemp stated that her decision to cooperate was motivated by concerns over SiegedSec leader "Vio" and their alleged involvement with Anonymous Sudan—a hacking group associated with anti-Western and anti-LGBTQ+ cyberattacks. In particular, Kemp expressed disillusionment with what she characterized as a shift in the group's mission, accusing Vio of prioritizing notoriety and controversial alliances over hacktivist ideals.

As reported by ''The Daily Dot'', Kemp provided law enforcement with a 271-page document purportedly containing internal SiegedSec communications. The material allegedly included chat logs, operational details, and other internal group data. While the exact contents and impact of the documents remain undisclosed by law enforcement,

The revelation that Kemp had cooperated with law enforcement drew mixed reactions from former SiegedSec members and observers. Actions by former members, such as "mirrorless" sharing allegations of Kemp working with federal agencies, indicated internal division and disapproval. Kemp stated feeling betrayed due to the alleged ties between "vio" and Anonymous Sudan, which reportedly motivated Kemp's initial contact with police, while also acknowledging her own actions could be seen as a betrayal by others. SiegedSec's disbandment in July 2024 was initially attributed by the group due to heightened attention following the Heritage Foundation hack and "fears of the FBI"; however, these fears were amplified by the internal conflict and distrust stemming from the informant rumors and Kemp's cooperation with authorities.

References

{{Furry fandom

Defunct LGBTQ organizations
Furry fandom
Hacker groups
Hacking in the 2020s
Hacktivists
LGBTQ collectives
LGBTQ political organizations
LGBTQ-related controversies
Opposition to NATO
Organizations disestablished in 2024
Organizations established in 2022
Internet-based activism
Cybercrime in the United States