FSociety hits APSCON2025 IEEE Event Registration Database in Multi-Level Cyberattack

By Jesse William McGraw

July 15, 2025

FSociety hits APSCON2025 IEEE Event Registration Database - featured

Today, the double-extortion gang FSociety (also known as Flocker) has claimed another victim. The group shared an obfuscated yet ominous ransom message on their Tor site, offering only vague clues as to who the victims are, if you know what to look for. The foremost victim appears to be the Global Healthcare Academy and its affiliates.

This attack involves interconnected victims spanning institutional, technical, and vendor layers. Based on information disclosed by the gang, the breach includes personally identifiable information (PII) of registrants from the APSCON2025 IEEE Applied Sensing Conference, and likely from other events as well, including the stolen data described by the attackers.

It’s not uncommon for ransomware and data extortion groups to obfuscate key details in their public posts. This tactic slows down a victim’s ability to respond, delaying public disclosures, legal preparations, and partner alerts. In doing so, the attackers buy themselves time.

Additionally, partial disclosure creates psychological pressure. If the goal is to get paid, it’s safe to assume the victim has already been privately notified. The public, however, may remain unaware, giving the company a brief window to negotiate quietly before the proverbial bomb goes off.

The Ransom Note

The following is the message posted by FSociety on their Tor site:

G*********************y.org
By / July 15, 2025

For the leadership of G****l H********e A*****y
We have compromised your main servers G*********************y.org and 3rd Party Entity’s leveraging your platform including I**E S*****s C*****l, G*A C*********s, A****N2025 And Personal details of your members and clients. G*A has been instituted with a mission to develop for the Healthcare sector, G*A has adopted Technology sector and development. We give you 7 days to come forward before we leak. Choose Accordingly.

As proof of its intrusion, FSociety posted photos of passports that had been exfiltrated from the victim’s servers.

FSociety hits APSCON2025 IEEE Event Registration Database — Screen capture taken from FSociety’s Tor site.

The “main servers” compromised by FSociety are owned by the APSCON2025 conference, which is under the Global Healthcare Academy, which is how they were able to exfiltrate private information belonging to its members and affiliates.

A review of the IEEE APSCON2025 website, also operated by the Global Healthcare Academy, outlines their passport and visa policy, which states:

[I]nternational delegates are required to provide their passport number, and a copy of the passport while registering for the conference.

FSociety hits APSCON2025 IEEE Event Registration Database 2 — Screen capture from the IEEE APSCON2025 website.

Using AI-Analysis to De-Anonymize the Victims

Despite the attacker's attempt to obfuscate the identity of the victims, they left significant clues behind in their ransom note, and perhaps overlooked a clue they might have inadvertently forgotten to censor in one of the passport photos.

I**E S*****s C*****l is in fact the IEEE Sensors Council.
A****N2025 is APSCON2025 is the IEE Applied Sensing Conference, an event held at IIT Hyderabad in India, which took place on January 20 and 22, 2025. This is confirmed in the passport note details, “ONLY FOR APSCON2025 Registration.”
G*A C*********s refers to GHA Conferences.

How the Victims Are Connected

After verifying our AI-driven analysis, we concluded that all the referenced third-party entities are tightly interconnected:

The IEEE Systems Council collaborates with GHA via conferences (e.g., IEEE APSCON).
GHA Conferences is a GHA division that organizes events like APSCON2025.
APSCON2025 is an event organized under IEEE/GHA umbrella.

Unredacted Ransom Message (Reconstructed)

Based on our analysis, the full, unredacted message reads:

globalhealthcareacademy.org
For the leadership of Global Healthcare Academy
We have compromised your main servers globalhealthcareacademy.org and 3rd Party Entity’s leveraging your platform including IEEE Systems Council, GHA Conferences, APSCON2025 And Personal details of your members and clients. GHA has been instituted with a mission to develop for the Healthcare sector, GHA has adopted Technology sector and development. We give you 7 days to come forward before we leak. Choose Accordingly.

The Victims

The interconnected information shows we have pieced together confirms that FSociety targeted an IEEE-affiliated event platform, most likely focusing their initial attack vector against the registration database for APSCON2025.