The Pride Banner: SiegedSec

Threat Intelligence Tarot

Vol. II · 142

Hacktivist (international, decentralized)

★★★★★

risk 2/5

✦ The Pride Banner ✦

SiegedSec

GhostSec-adjacent (separate from in-deck GhostSec) · Furry Pride

US state governmentsAnti-LGBT legislation backersNATO portalsCritical research facilities

Active 2022-2024 · LGBTQ+ rights advocacy, Ideological protest, Notoriety

The Pride Banner waved itself across servers belonging to states it accused of erasing identity. Its rhetoric was loud; its operational discipline, conspicuously short. Defiance and disbandment came in the same flag-colored typeface.

Tactics & Techniques

RCN

RDV

INI

EXC

PRS

PRV

EVA

CRD

DSC

LAT

COL

EXF

IMP

T1190

Exploit Public-Facing Application

Initial Access

T1078

Valid Accounts

Persistence

T1567.002

Exfiltration to Cloud Storage

Exfiltration

T1491

Defacement

Impact

T1499

Endpoint Denial of Service

Impact

T1583.005

Botnet Infrastructure

Resource Development

Notable Operations

◆Idaho National Laboratory employee data leak (November 2023)
◆NATO unclassified portal data dump (2023)
◆State government breaches in response to anti-LGBT legislation
◆Group disbandment announcement (July 2024)

Defenses

▸
Public-sector attack surface management and continuous CVE prioritization
CISA KEV Catalog
▸
Sensitive employee data minimization at national laboratories
DOE M 470.4-7
▸
Ideological-cluster threat tracking distinct from APT tracking
NIST CSF: ID.RA ↗
▸
Coordinated takedown collaboration with hosting providers
NIST CSF: RS.CO ↗

Reversed: Their Weakness

Hacktivist longevity is inversely proportional to public bravado. Defenders who treat short-lived ideological clusters as discrete waves — rather than persistent threats — allocate resources more accurately.

Share this adversary profile

Compare →

← → arrow keys to browse

swipe to browse

← PreviousThe Watching Child Next →The Painted Wall

Related Adversaries

Data sourced from MITRE ATT&CK. For educational purposes.