A hacking group calling itself “KittenSec” claims it has struck government and private sector computer systems in multiple NATO countries over the past month, justifying its attacks by arguing that it is exposing corruption.
The attacks by KittenSec are the latest in a string of groups hacking government and private targets around the world as part of an overall increase in hacktivism. KittenSec claims its attacks are motivated by a desire to expose corruption, but their ideological stance is difficult to articulate in any detail, and many of their attacks seem motivated by an anything-goes mantra of breaking systems for the sake of breaking them.
“We are mostly targeting anything we can see,” a representative of the group told CyberScoop.”We don’t care how hard it is. We always manage to pwn anything we see and want. But mostly because of corruption.”
On July 28, KittenSec claimed in a Telegram post to have hacked multiple Romanian government systems and posted a file containing roughly 36 gigabytes of data, including emails, documents, contracts, and healthcare-related data. The group claimed to have scrubbed “any personal info because that’s out of our motives” and said the Romanian breach represented “just the beginning” of their operations.
In subsequent weeks the group has followed through, posting links to data apparently stolen from targets in Greece, France, Chile, Panama, Italy and then France again. CyberScoop has not examined each individual data listing, but altogether, according to the claims posted by the group, the data released by the group relates to more than 13 million people.
KittenSec representatives told CyberScoop over a series of online messages that the group is new — although they acknowledged connections to other hacktivist groups, including ThreatSec — and claimed that it is composed of roughly a dozen members. The group has hit targets whose governments it perceives as corrupt, but KittenSec’s representatives said they “don’t associate with any country!”
Asked in early August why the group chose to target Romania, a KittenSec representative said, “Why not?” Romania, this person said, “was an easy target.” And because the group “wanted to fight the corruption and the lies from the government,” KittenSec “decided to attack them.”
The group did not specify which “lies” motivated the attack, but added that Romania’s NATO membership “has nothing to do with this, however we plan on attacking many more NATO countries in the future.”
The Romanian embassy in Washington, D.C., did not respond to a request for comment.
It’s worth taking KittenSec’s claims with a grain of salt. “In the ever-shifting threat landscape, hacktivist groups are redefining themselves, with their motives intertwined and agendas blurred,” said Tom Hegel, a senior threat researcher at SentinelOne. “These groups are now tools in the hands of nation states, concealing their operations behind hacktivist facades.”
Groups like KittenSec, Hegel said, seek public notoriety, and while they seek to achieve change, “their impact often falls short” of their goals — which in KittenSec’s case are difficult to define.
KittenSec’s attacks on Romania — which shares a border with Ukraine and has played a key role in NATO’s response to the Russian invasion of Ukraine — raise questions about whether it might be a Russian front group.
But KittenSec has said it is not motivated by the conflict, and unlike many other Russian hacking groups, KittenSec’s messaging, while broadly anti-NATO, has not engaged with rhetoric more specific to the conflict in Ukraine. The attack on Romania, a representative of the group said, “has nothing to do with the war between Russia and Ukraine” and is in “retaliation against the countries of NATO for their attacks on human rights.”
And unlike some other cybercriminal groups operating on Russia’s behalf, KittenSec does not appear to be making much money off its attacks. The group claims it only leaks data for free and has shared the address to a cryptocurrency wallet in the hopes of soliciting donations. “There is no financial motivation,” a representative said. “If there was we would black mail them and keep everything hidden from the public.”
KittenSec’s spate of recent attacks and their links to other established hacking groups make them emblematic of an increasingly diverse hacktivist landscape.
SiegedSec — one of the groups KittenSec says it’s linked to — recently claimed responsibility for an attack on a NATO information sharing platform and has carried out attacks on U.S. states seeking to limit gender-affirming healthcare or abortion access. A SiegedSec representative previously told CyberScoop that its members “focus more on the message than the money,” that they consider themselves “more blackhat than hacktivists” and that “money is not our main goal, most of the time we just want to have fun and destroy stuff.”
Updated, Aug. 25, 2023: This story has been updated to remove reference to another hacking group after one of its members told CyberScoop after publication that the group has no connection to KittenSec.