A threat actor operating under the name Infrastructure Destruction Squad has claimed to have breached systems belonging to Heartland Free Church, a church organization based in the United States, allegedly gaining access to a network attached storage (NAS) server containing internal files and employee data.
The claim was published on the group’s Telegram channel alongside multiple screenshots that purportedly show access to the church’s storage environment, user accounts, shared folders, and system configuration details.
According to the threat actor, the alleged compromise involved a NAS device connected to the church’s internal network. The group claims the system contained data associated with employees, volunteers, financial operations, and administrative functions.
Shared folders and user accounts allegedly exposed
Screenshots shared by the threat actor appear to show numerous network shares with names including Finance, Worship Ministry, Children’s Ministry, Tech & Media, Facilities, Youth, Current Sunday Morning Files, Denny’s Docs, Kate’s Documents, and Jena’s Documents.
The screenshots also appear to show user enumeration results listing more than 20 local accounts. Several usernames shown in the evidence appear to correspond with individuals publicly associated with the church.
The threat actor further claimed that weak password policies were identified during the intrusion, alleging a minimum password length of 5 characters and no complexity requirements.
Financial and administrative records reportedly targeted
Infrastructure Destruction Squad claims to have obtained access to financial records, internal documents, employee backups, and technology related files stored on the server.
According to the post, allegedly affected directories included financial documentation, tax records, invoices, internal administrative files, network configuration information, and employee document backups.
The group also claimed that technology related folders contained server credentials, maintenance documentation, and network configuration data.
BreachNews has not independently verified these claims and is not publishing any sensitive information contained within the screenshots.
Alleged malware discovery raises additional questions
The threat actor also claimed to have discovered multiple suspicious executable files stored within a recycle bin directory on the server.
According to the post, the files allegedly used names resembling legitimate Windows system components and were described as credential stealing malware capable of establishing persistent remote access.
No independent analysis has been provided to verify the nature of the files, and it remains unclear whether they represent active malware, testing artifacts, backup files, or unrelated software.
Church has not issued a public statement
At the time of publication, Heartland Free Church had not issued any public statement regarding the alleged breach.
It is currently unknown whether the screenshots represent active unauthorized access, historical data, a previously compromised system, or information obtained from another source.
BreachNews will continue monitoring for any public response from the organization or additional evidence that may help verify the claim.
The screenshots shared by Infrastructure Destruction Squad allegedly show user enumeration results, network share listings, password policy information, and file directory contents from systems claimed to belong to Heartland Free Church.
