ATK128

Presumed Origin: Saudi Arabia

Alias: OurMine

ATK128 (aka OurMine) is a hacking group active since mid-2016 that has been identified as operating from Saudi Arabia. The group is mostly known for taking over the Twitter accounts of high-ranking individuals, such as CEOs of large corporations, as well as the Twitter accounts of organizations themselves. In most cases it claimed to have taken over the account to show the owner how weak its security was, while asking the owner to contact the group directly to fix the problem. The group thus presents itself as a kind of grey-hat outfit that looks for vulnerabilities and security issues in order to receive money from the companies in which those issues were found. The same was true of the two DDoS attacks it launched against HSBC bank and Pokemon Go (in 2016 and 2017 respectively), allegedly to improve the security of those companies. However, even though OurMine tried to portray itself as a group that improves companies' cyber security, some of its attacks were acts of revenge. For example, it took over a media website after that site published an article that allegedly revealed the real identity of the threat actor behind the group, a teenager from Saudi Arabia. In another case it leaked information belonging to a company that had not contacted the group about security issues the group had found on its servers. Furthermore, the group at times boasted about its capabilities, as when it was challenged to hack the WikiLeaks website in 2017. Overall, the group's attacks were not very sophisticated, and all of them were detected very quickly. Of note, the group has not been active since mid-2017, and its website appears to be under maintenance.


On January 22, 2020, the group started targeting social media accounts (Twitter, Facebook, Instagram) which, combined, have tens of millions of followers. On them it posted the message "Hi, we're OurMine group. We are here for 2 things: 1) Annonce that we are back 2) Show people that everything is hackable. To improve your accounts security contact us: contact@ourmine.org".

Target sector

  • Casino & Gaming
  • Communication
  • High-Tech

Target countries

  • United Kingdom Of Great Britain And Northern Ireland
  • United States Of America

Attack pattern

  • T1003 - Credential Dumping
  • T1078 - Valid Accounts
  • T1491 - Defacement
  • T1496 - Resource Hijacking
  • T1498 - Network Denial of Service

Motivation

  • Coercion
  • Dominance
  • Financial Gain
  • Personal Satisfaction
  • Revenge

Malwares

Vulnerabilities