Security Experts:

Connect with us

Hi, what are you looking for?



Cyber Playing a Part in Iraq’s Civil War

Iraq’s civil war now has a cyber-component, with researchers encountering increased cyber-espionage tools and custom malware.

Iraq’s civil war now has a cyber-component, with researchers encountering increased cyber-espionage tools and custom malware.

Recent reports have focused on the Islamic State of Iraq and al-Sham (ISIS) group’s expansion in northern Iraq and the members’ extensive use of social media to spread propaganda messages. There also appears to be a sharp increase in malware and botnet activity, primarily concentrated in Baghdad, Erbil, Basra, and Mosul, according to a new report from IntelCrawler.

Cyber Attacks Used in Iraq Civil WarSome of the malware contained strings to suggest the cyber-attacks are religiously and politically motivated, the threat intelligence firm found.

“The increased activity correlates with other geopolitical conflicts where state-sponsored activities in cyberspace try to affect outcomes on the ground,” IntelCrawler said over the weekend.

Researchers uncovered a large pool of Remote Administration Toolkits using Secure Sockets (SOCKS) and FTP/HTTP BackConnect with embedded file system browser. These RATs are “masked under Google Chrome and publicly available software” and used to remotely monitor infected victims, IntelCrawler said. The malware can intercept various pieces of data from infected systems and transmit them to servers controlled by the attackers.

The majority of the malicious domain names used in the command-and-control infrastructure were registered using free public DNS providers. The IP addresses resolved to various regional ISPs in Iraq, such as GORANNET, IQ-EARTHLINK, IQNETWORKS, IQ-NEWROZ and IQ-TARINNET. There were several domains using and, which were also observed in cyber-attacks in Syria.

“Several new botnets using dynamic DNS have been detected, which might have been used for cyber espionage and targeted multi-staged cyber attacks,” IntelCrawler said.

Attackers appear to also be targeting home router connections in Iraq in order to monitor network traffic and Internet surveillance, IntelCrawler said. “Significant numbers” of SOHO-routers with IP addresses in Iraq’s IPv4 range have been compromised, either by brute-forcing passwords or by mass exploitation of unpatched vulnerabilities in the UPnP protocol, researchers said.

Much of the malware appears to be custom and not off-the-shelf mass malware, and were previously seen in attacks targeting Syrian opposition groups in the Syrian civil war, according to the researchers. ISIS also played a key role in Syria, making it likely the group is reusing its cyber capabilities in Iraq.

“The share of Iraqi-based bad actors involved into various illegal activities in cyberspace acting as mercenaries seems to have significantly increased,” IntelCrawler said. They appear to have ties to other groups from Egypt, Lybia, Lebanon, Iran, and Syria.

Written By

Click to comment

Expert Insights

Related Content


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet


Iranian APT Moses Staff is leaking data stolen from Saudi Arabia government ministries under the recently created Abraham's Ax persona


The UK’s NCSC has issued a security advisory to warn about spearphishing campaigns conducted by two unrelated Russian and Iranian hacker groups.


Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.


Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


Albanian prosecutors on Wednesday asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...