GlorySec is a rising hacktivist group targeting governments and institutions it deems corrupt, with a focus on Russia and Venezuela, and it publicizes its attacks via Telegram. Its anti-authoritarian rhetoric and claims of democratic leadership are juxtaposed with erratic actions, raising questions about its long-term threat level. #GlorySec #SOCRadar #ThreatSec #KromSec #BurkinaFaso #Armenia #Russia #Venezuela #China #DDoS #Doxxing #Defacement #ZeroDay
Key Points
- Group Identity: GlorySec aligns with Anarcho-Capitalist ideals, advocating for minimal government intervention.
- Target Focus: Primarily targets corrupt governments and institutions, especially in Russia, Venezuela, and China.
- Operational Methods: Conducts operations via Telegram, sharing details of cyberattacks and encouraging participation; has collaborated with ThreatSec and KromSec.
- Types of Attacks: Engages in data breaches, DDoS, doxxing, and defacement.
- Leadership Structure: Claims to select leaders through democratic voting, reflecting a unique approach for a hacktivist group.
- Threat Assessment & Monitoring: Erratic actions and inconsistent agenda lead to skepticism about long-term threat; SOCRadar provides threat intelligence insights for defense.
MITRE Techniques
- [T1566] Phishing – Using deceptive emails to gain access to systems.
- [T1059] Command and Scripting Interpreter – Utilizing scripts to execute commands on compromised systems.
- [T1098] Account Manipulation – Modifying existing accounts to maintain access.
- [T1041] Exfiltration Over C2 Channel – Sending stolen data over established command and control channels.
- [T1485] Data Destruction – Deleting data to disrupt operations.
Indicators of Compromise
- None mentioned – The article does not specify any IOCs such as IPs, domains, or file hashes.