GhostSec, a threat actor group with a history of financially motivated cybercrimes, recently made a significant announcement indicating a shift in focus towards hacktivism. The group, known for its involvement in cybercrimes and ransomware operations, revealed its decision to return to its hacktivist roots, marking a notable change in priorities and operational strategies.
The GhostSec group, which identifies itself as part of the Anonymous collective, has been active in various operations since 2015. Using hashtags such as #GhostSec or #GhostSecurity, the group has been involved in campaigns such as #OpISIS, #OpNigeria, and #OpIsrael.
In a recent announcement on its Telegram channel, GhostSec stated that it had gathered enough funds from its ransomware operations to support other activities in the future. Instead of completely abandoning their previous work, the group plans to transfer existing clients to the new Stormous locker by Stormous, a partner organization. They also intend to share the source code of the V3 Ghostlocker ransomware strain with Stormous.
By ensuring a smooth transition to Stormous’ services, GhostSec aims to avoid exit scams or disruption risks associated with ransomware exits. Stormous will also take over GhostSec’s associates within the Five Families collective, which includes ThreatSec, BlackForums, and SiegedSec.
Although GhostSec will discontinue some earlier services, the group plans to maintain its private channel and chat room. They announced a discounted offer for lifetime access to these channels, reducing the price from $400 to $250 until May 23rd. Additionally, the group is considering offering a hacking course, although the details are still being debated.
The announcement emphasized GhostSec’s intention to focus solely on hacktivism, using hacking to promote social or politically driven agendas. The group has a history of successful hacktivist operations, including efforts to take down ISIS-associated websites and social media accounts in 2015.
GhostSec has also supported hacktivist initiatives, such as providing resources for activists to anonymize their identities and offering free VPN facilities to Iranian activists. The group aims to expand these projects to support activists facing internet restrictions imposed by governments worldwide.
It is important to note that GhostSec’s departure from cybercrime does not automatically imply a shift towards ethical practices. Questions have been raised about the group’s true motivations and the potential for their hacktivism to be used for personal gain or dubious political agendas rather than genuine social change.
In conclusion, GhostSec’s decision to refocus on hacktivism highlights a significant shift in their operational priorities. As the group transitions away from cybercrime and ransomware operations, their future activities in the hacktivist space will be closely monitored for their impact on social and political causes.