Pro-ISIS Amaq News Site Hacked and exploited to distribute Malware
31.3.2017 securityaffairs CyberCrime
The Islamic State-affiliated Amaq news agency has been hacked and used to spread a malicious a FlashPlayer file. Who is behind the attack?
The Islamic State-affiliated Amaq news agency has been hacked and used to spread a malware. The website is considered as the official news site of the Islamic State, it was used for propaganda and to share news related to the activities of the radical group.
The Amaq news agency warned that visitors were being prompted to download malicious a FlashPlayer file.
Just before the website was shut down, the Amaq agency released an official statement warning that Amaq’s latest domain was hacked. It is currently offline.
“The attack appears to have specifically targeted Amaq after pinning down a specific vulnerability, which indicates a more targeted attack rather than a random one,” Laith Alkhouri, Director of Research & Analysis for the Middle East and North Africa and a co-founder at cyber intelligence firm Flashpoint, told SecurityWeek. “The file might have aimed to infect machines in order to track the individuals who download the allegedly infected file rather than just merely damage their machines. The likelihood is that this attack, if ascertained, was not financially motivated.”
The Amaq news agency continues to change the domain due to the takedown of international law enforcement agencies.
At the time I was writing there is no attribution of the attack, the Amaq news agency is known to be a target of intelligence agencies worldwide, including the U.S. Cyber Command (CYBERCOM).
In March 2016, Senior Pentagon officials revealed the military’s first use of cyber warfare operations against the ISIL terrorist group.
The US military has started launching cyber attacks against members of the terrorist organization ISIS as part of the operation conducted to take back the Iraqi city of Mosul.
We cannot exclude that the attack is part of a cyber operation conducted by anti-ISIS groups.
In June 2016, ISIS warned its supporters that a fake version of an Amaq News Agency Android mobile app was being used to track them.
According to the experts, the cyber capabilities of the Islamic State are still relatively poor, but we cannot underestimate its growth.
During the past two years the cyber capabilities of the ISIS groups have been growing, at least five different pro-ISIS hacking group launched cyber-attacks in favor of the Islamic State.
According to techworm, on April 4, 2016, Cyber Caliphate Army (CCA), ISIS’s main hacking unit, and other pro-ISIS groups like the Sons Caliphate Army (SCA) and Kalacnikov.TN (KTN) merged and formed The United Cyber Caliphate (UCC). These pro-ISIS activities are still poorly organized and likely under-resourced and have not been either officially acknowledged nor claimed by ISIS itself.
Most of the claimed attacks by the pro-ISIS hackers are beginner level and opportunistic such as exploiting known vulnerabilities to compromise websites. These pro-ISIS actors have launched attacks chiefly on government, banking, and media targets, so far, but researchers at Flashpoint expect as growing to maturity, they keep targeting financial institution.