Department of Peace
Department of Peace is a self-described hacktivist operation/group that claimed to have compromised U.S. Department of Homeland Security (DHS) systems and leaked allegedly stolen documents/records online. Reporting states the leaked dataset purportedly originated from DHS’s Office of Industry Partnership and was published/hosted by the transparency collective Distributed Denial of Secrets (DDoSecrets), with a separate GitHub page created by security researcher Micah Lee to organize and make the records searchable (including sorting by contract amount). The group’s claimed objective was to expose companies supporting U.S. immigration enforcement (ICE), and it framed the intrusion/leak as retaliation connected to the deaths of protesters Alex Pretti and Renée Good in Minneapolis. The leaked materials were described as contractor/contract records tied to DHS and ICE, covering over 6,000 organizations (including a claim of 6,681 applicants), with separate files for applicants and awardees. The exposed data reportedly included company and employee contact details (names, titles, addresses, phone numbers, emails), contractor identifiers (e.g., UEI and CAGE codes), and tax identifiers (including potential SSNs), creating risks of doxxing, fraud, and targeted attacks. Entities referenced in the leaked records reportedly included major technology and defense contractors such as Microsoft, Oracle, Palantir, Raytheon, Anduril, and L3Harris; notable contract allocations highlighted in reporting included Cyber Apex Solutions (~$70M) and SAIC (~$59M). At the time of reporting, DHS had not publicly confirmed, debunked, or validated the intrusion claims, and it was unclear whether the dataset resulted from a single breach or was compiled from multiple sources.
Know when an actor pivots toward your sector
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Targeting
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Who they target
Sectors the actor has been observed targeting.
- Commercial & Professional Services
Where they target
Geographies tied to known operations.
- 🇺🇸 United States
Recent activity
3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Alleged hacktivist intrusion and data theft targeting the U.S. Department of Homeland Security (DHS), followed by public leaking of purportedly stolen DHS Office of Industry Partnership data (including DHS/ICE contracts) via DDoSecrets, framed as retaliation for killings of protesters.
Hacktivist data-theft/leak operation claiming intrusion into U.S. Department of Homeland Security systems to exfiltrate and publish internal contractor records related to ICE; data was released via a whistleblower/leak site (DDoSecrets) with an ideological motive to expose companies supporting ICE/DHS operations.
Hacktivist group claiming intrusion into the U.S. Department of Homeland Security and leaking allegedly stolen documents/contract-related data via a third-party publishing collective.
The version that knows your environment.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.