• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Koske, a new AI-Generated Linux malware appears in the threat landscape

 | 

Mitel patches critical MiVoice MX-ONE Auth bypass flaw

 | 

Coyote malware is first-ever malware abusing Windows UI Automation

 | 

SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks

 | 

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

 | 

Stealth backdoor found in WordPress mu-Plugins folder

 | 

U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog

 | 

U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog

 | 

Sophos fixed two critical Sophos Firewall vulnerabilities

 | 

French Authorities confirm XSS.is admin arrested in Ukraine

 | 

Microsoft linked attacks on SharePoint flaws to China-nexus actors

 | 

Cisco confirms active exploitation of ISE and ISE-PIC flaws

 | 

SharePoint under fire: new ToolShell attacks target enterprises

 | 

CrushFTP zero-day actively exploited at least since July 18

 | 

Hardcoded credentials found in HPE Aruba Instant On Wi-Fi devices

 | 

MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict

 | 

U.S. CISA urges to immediately patch Microsoft SharePoint flaw adding it to its Known Exploited Vulnerabilities catalog

 | 

Microsoft issues emergency patches for SharePoint zero-days exploited in "ToolShell" attacks

 | 

SharePoint zero-day CVE-2025-53770 actively exploited in the wild

 | 

Singapore warns China-linked group UNC3886 targets its critical infrastructure

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Cyber warfare
  • Hacking
  • Intelligence
  • US Government coordinated hacktivist to hit foreign governments

US Government coordinated hacktivist to hit foreign governments

Pierluigi Paganini April 25, 2014

Hacktivist Hector Xavier Monsegur, former leader of LulzSec collective, may have coordinated state-sponsored attacks for the U.S. Government.

The New York time published the news that an FBI informant, Hector Xavier Monsegur, coordinated in 2012 a campaign of hundreds of cyberattacks on foreign websites. In many cases we discussed the possibility to exploit hacktivism to support military operations against a foreign government, the US intelligence was accused to have infiltrated popular collectives of hacktivists to coordinate attacks on foreign governments including Iran, Syria, Pakistan and Brazil.

According declarations of participant to the attacks, the group of hackers exploited a vulnerability in a popular web hosting software to steal sensitive information from the government servers. All the information collected during the offensives were uploaded on a server monitored by the FBI according to court statements.

“The details of the 2012 episode have, until now, been kept largely a secret in closed sessions of a federal court in New York and heavily redacted documents. While the documents do not indicate whether the F.B.I. directly ordered the attacks, they suggest that the government may have used hackers to gather intelligence overseas even as investigators were trying to dismantle hacking groups like Anonymous and send computer activists away for lengthy prison terms.” reported the New Youk Times.

Hector Xavier Monsegur, aka Sabu, was one of the leaders of the popular group of hacktivists LulzSec that breached many high profile targets during in the last years, including Sony Pictures (2011). The group also claimed responsibility for taking down many other notorious targets such as  AT&T, Viacom, Disney, EMI, and NBC Universal, The Sun, PayPal, MasterCard, The Times and the CIA.

Sabu once arrested decided to collaborate with law enforcement to track down other members of Anonymous. Various members of the popular group of hacktivists have been identified and arrested. 

Thanks Monsegur, F.B.I. arrested another popular hacktivist, Jeremy Hammond that joined in the group of hackers known as Antisec. Hacktivist Jeremy Hammond was sentenced to 10 years in federal prison, he collaborated with Monsegur to conduct the attack on the private intelligence firm Stratfor.

hacktivist Jeremy-Hammond

During the process Hammond declared that FBI coordinated numerous attacks of Anonymous on foreign governments, after the Stratfor hack in fact Monsegur began supplying Hammond with lists of foreign vulnerable websites representing the targets of the offensives. The collective of hackers led by Mr. Hammond exploited a zero-day vulnerability in the web-hosting software Plesk to install a backdoor into thousands of websites and gaining their complete control.

The attack pattern was quite similar, once installed the backdoor on the target, sensitive data like emails and databases were extracted and uploaded to a computer server controlled by Monsegur.

“Mr. Hammond would not disclose the specific foreign government websites that he said Mr. Monsegur had asked him to attack, one of the terms of a protective order imposed by the judge. The names of the targeted countries are also redacted from court documents.”

The list included more than 2,000 Internet domains, Monsegur directed Mr. Hammond to hack government websites in Iran, Nigeria, Pakistan, Turkey and Brazil and other government sites, including the Ministry of Electricity in Iraq.

The sentencing statement confirmed the involvement of Mr. Monsegur in the attacks against Syrian government websites, including banks and ministries of the government of President Bashar al-Assad.

“The F.B.I. took advantage of hackers who wanted to help support the Syrian people against the Assad regime, who instead unwittingly provided the U.S. government access to Syrian systems,” the statement said.

According Hammond, Mr. Monsegur never carried out the hacks himself:

“Sabu wasn’t getting his hands dirty,” said Hammond.

The exact role of the FBI is still unclear, the involvement of groups of hackers capable to hit any target on the Internet is a known and efficient strategy adopted by governments.  Characters like Mr. Monsegur can influence large masses of hacktivists that taking part to a cyber attack support a tactical operation of the US government.

The involvement of groups of hacktivists such as Anonymous has numerous advantage for a covert operation like low costs, no official liability for the attacks and the opportunity to exploit them in a diversionary tactic to hide more sophisticated attacks conducted by state-sponsored hackers.
Many other governments would use a similar strategy to attack its adversary in the cyberspace.

Pierluigi Paganini

(Security Affairs –  Hacktivist, Monsegur)


facebook linkedin twitter

Anonymous FBI Hacking Hacktivism hacktivist Hector Xavier Monsegur Iran law enforcement LulzSec PsyOps Sabu Stratfor Syria

you might also like

Pierluigi Paganini July 24, 2025
U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog
Read more
Pierluigi Paganini July 23, 2025
U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Koske, a new AI-Generated Linux malware appears in the threat landscape

    Malware / July 25, 2025

    Mitel patches critical MiVoice MX-ONE Auth bypass flaw

    Security / July 25, 2025

    Coyote malware is first-ever malware abusing Windows UI Automation

    Malware / July 24, 2025

    SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks

    Security / July 24, 2025

    DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

    Security / July 24, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT