In September and October 2017, a threat actor group began targeting US-based K-12 school districts. The threat group thought to be responsible for the attacks has historically targeted healthcare, defense contractors, and the entertainment industry. However, Wapack Labs believes these are not the same groups based on past targeting and Tactics, Techniques, and Procedures (TTPs). School districts in Wisconsin and Iowa had student’s personal information breached and were threatened with a leak of the student information - if a ransom was not paid. They also direct texted students, threatening them with physical harm. The actors Tweeted, “With the student directory from (local school district) we released, any child predator can now easily acquire new targets and even plan based on grade level.” The Twitter feed threatens victims who do not cooperate. A recent Tweet stated, “To the particular (university): we’re a bit disgruntled. You know who you are. It’s best not to ignore us.” The group responsible for these attacks and threats is a new group with a wide variety of attacks, that appears to focus on only on the US based education sector...READ MORE
Wapack Labs has cataloged and reported on threat actor groups in the past. An archive of related reporting can be found in the Red Sky Alliance portal.