A hacking group that leaked the details of federal law enforcement agents last week has accessed and leaked data from more sites and is now making political demands.

The group, which goes by the name of PokemonGo Team, first breached several Federal Bureau of Investigation-affiliated website and leaked details April 11.

According to TechCrunch, the data included information relating to thousands of federal agents and law enforcement officials. It was stolen from three sites associated with the FBI National Academy Association, a coalition of different chapters across the U.S. promoting federal and law enforcement leadership and training located at the FBI training academy in Quantico, Virginia.

The data included 4,000 unique records including member names, a mix of personal and government email addresses, job titles, phone numbers and postal addresses.

In PokemonGo Team’s latest release over the weekend the weekend, it has now released databases relating to “government websites,” though the sites claimed to have been hacked read as a list of organizations in which government workers are members.

Those sites include the National Association of Government Web Professionals, NC-Society of Government Meeting Professionals, Oregon Government Finance Officers Association, Society of Government Meeting Professionals Texas Lone Star Capital Chapter, Society of Government Meeting Professionals San Antonio Alamo Chapter and Michigan Chapter – Society of Government Meeting Professionals.

All of the hacked data so far is available for free download from the group’s website. The apparent motivation came in a since-deleted tweet from its suspended account, in which PokemonGo Team wrote, “we demand freedom for Peter Levashov.”

Levashov is a Russian hacker who was arrested in Spain in 2017 on allegations that he was behind the notorious Kelihos botnet. After being extradited to the U.S., Levashov pleaded guilty in September last year, with a sentencing hearing scheduled for September this year.

A spokesperson for Emsisoft Ltd. told SiliconANGLE that the group’s behavior so far is “super-weird and doesn’t add up at all.” On one hand, the group is claiming credit for CryptoPokemon, a form of ransomware that is not in the wild. But it’s also allegedly providing a community service by offering decryption keys for another form of ransomware that is not at all related.

The spokesperson added that Emsisoft has yet to find anything in the ransomware code to indicate that it’s the work of a known actor, but it’s still looking.

What is clear, though, that whoever the group is or whatever its motivation, it’s likely to attack again.

Featured photo: U.S. Air Force; image: Twitter/Emsisoft