Faith-Based Daily Awareness Post

Faith-Based Daily Awareness Post 28 August 2025

Faith-Based Security Headlines

These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters. 

Minneapolis mourns after shooter kills 2 children at Catholic school

A 23-year-old former student of Annunciation Catholic School, identified as Robin Westman, opened fire during a back-to-school Mass on August 27th, killing two children and injuring 17 others before dying at the scene. Westman, who was transgender, had legally acquired a rifle, shotgun, and pistol, and had posted a manifesto and videos online containing disturbing, hate-filled messages (antisemitic, racist, anti-Catholic, and anti-Christian) and references to past mass shooters. Authorities are investigating the shooting as both a hate crime and an act of domestic terrorism. The tragedy has spurred community grief, political condemnation, and discussions on gun violence, school safety, and backlash against the transgender community.

Analyst Comments: This tragic shooting shows several overlapping threat dynamics: targeted violence against faith-based institutions, online radicalization, and the vulnerability of schools and religious gatherings. The attack shows how hate-driven ideologies can converge into real-world violence. For security, the event serves as a reminder of the elevated risk that faith-based organizations and schools face. Insider threats, such as former students or congregants familiar with the layout, add an additional level of complexity. This case illustrates why monitoring social media posts is important: they can show warning signs, and monitoring is a way to engage in threat assessment and stop violence before it occurs.

This Is the Group That’s Been Swatting U.S. Universities

Wired has revealed they spoke with the self-proclaimed leader of an online group called Purgatory, linked to the extremist network The Com, who has claimed responsibility for a wave of swatting attacks targeting U.S. universities. Going by the alias “Gores”, the individual says the group offers fake emergency threats, including active shooter hoaxes, for as little as $20, with prices rising amid media attention. The most recent string of attacks, which began on August 21st, has disrupted campuses nationwide, causing lockdowns and panic. Purgatory reportedly livestreamed some incidents on Discord, celebrating their impact and earnings, which Gores claims reached $100,000. Researchers monitoring the group confirmed hearing live swatting calls and intervened in one case to warn a university. The FBI is investigating, citing the serious risk and resource drain caused by such hoaxes.

Analyst Comments: The surge of swatting campaigns linked to the Purgatory group is concerning. The FBI made a statement that “knowingly providing false information to emergency service agencies about a possible threat to life drains law enforcement resources, cost thousands of dollars, and most importantly, puts innocent people at risk”. Because the perpetrators of most swatting incidents use encrypted platforms and cryptocurrency, they are harder for law enforcement to trace. It is important that schools and universities are aware of the swatting incidents but still treat every call with the correct protocols. FB-ISAO members can find a deeper look at Purgatory and the recent swatting campaigns in today’s Weekly Report.

Cyber attack leaves hundreds of parishioners at risk of identity theft

Late last month, a cyber-attack on Intradev, the upstream provider of bespoke software used by APCS, a company many dioceses utilize for Disclosure and Barring Service (DBS) background checks, led to a significant data breach affecting hundreds of parishioners across at least ten dioceses. The breached data, from between December 2024 and May 2025, likely includes sensitive personal information such as names, dates of birth, email and postal addresses, place of birth, gender, National Insurance numbers, passport details, and driving license information.

APCS, which works with over 19,000 organizations in the UK, confirmed that no payment card or criminal convictions data was stored or compromised. Intradev detected the intrusion earlier this month and immediately began containment and investigation efforts while reporting the incident to the Information Commissioner’s Office and Action Fraud. In response, the affected diocese of Southwark announced that the National Church Institutions will offer individuals one year of free Experian Identity Plus credit and web-monitoring protection to help detect and resolve potential identity theft.

Analyst Comments: This incident demonstrates that organizations can be impacted by cyber-attacks even if they were not the primary target. HOWs are encouraged both to bolster their network security and to conduct adequate supply chain assessments of any vendor that the organization works with or that has access to any HOW data or systems. This morning’s Ransomware Data Leak Sites Report listed two more FBOs as ransomware victims, so the threat continues to persist. The latest ransomware groups targeting the greater faith-based community include PEAR and Qilin. In addition to CISA’s #StopRansomware, which is always a good resource to help mitigate and respond to ransomware attacks, below are additional insights about PEAR and Qilin.

WatchGuard. PEAR Ransomware
Check Point. Qilin Ransomware

Tropical concerns to focus close to US through Labor Day weekend

AccuWeather forecasters note an unusual lull in Atlantic tropical activity as Labor Day approaches, with no named systems expected, a rare occurrence during peak hurricane season. Tropical Storm Fernand is expected to remain well offshore, posing limited direct threat, though it may contribute to high surf and hazardous rip currents. Meanwhile, dry, dusty air across the central and southeast Atlantic and cooler waters left behind by Hurricane Erin continue to suppress storm formation. However, local waters, warmed by the Gulf Stream and Gulf of Mexico, remain favorable, especially given an anticipated dip in the jet stream over the Southeast that could spark “homegrown” tropical development, though the overall risk remains low.

Analyst Comments: While the Atlantic basin is unusually quiet for late August, the conditions described highlight the risks of “homegrown” tropical development near U.S. coastlines during peak hurricane season. For emergency managers and critical infrastructure operators, this period of apparent calm should not reduce preparedness. Warm waters can provide ample fuel for rapid intensification of storms, and hazards like rip currents, beach erosion, coastal flooding, and flash flooding from heavy rainfall can disrupt communities and operations over the holiday weekend. Organizations should review plans, validate communication procedures, and ensure coastal facilities are ready for sudden tropical development.

More Security-focused Content

Attacks on Houses of Worship in 2024
Access information on the FB-ISAO Threat Level
Access all-hazards resources from public and private sector partners, curated by the FB-ISAO team.

The FB-ISAO’s sponsor Gate 15 publishes a daily newsletter called the SUN. Curated from their open source intelligence collection process, the SUN informs leaders and analysts with the critical news of the day and provides a holistic look at the current global, all-hazards threat environment. Ahead of the daily news cycle, the SUN provides current situational awareness of the topics that will impact your organization. To sign up for the SUN, send an email to [email protected]

Learn More About Gate 15’s Enhanced Intel Solutions
