The Islamic State-affiliated Amaq news agency on Thursday said that a server hosting its propaganda and news content had been hacked, and warned that visitors were being prompted to download malicious a FlashPlayer file.
The details of the malicious file are unknown, but the Islamic State (also known as IS, ISIS, ISIL, and Daesh) news site has been a target of anti-ISIS groups in the past.
“Amaq News is constantly changing; the group does not maintain a site for a long period of time, whether due to the domain being suspended or taken down, or because the group wants to avoid being attacked,” Laith Alkhouri, Director of Research & Analysis for the Middle East and North Africa and a co-founder at cyber intelligence firm Flashpoint, told SecurityWeek.
“Though I’m not able to verify the hack, Amaq indeed released a statement warning that Amaq’s latest domain was hacked,” Alkhouri said, noting that the group’s website was currently offline.
“The attack appears to have specifically targeted Amaq after pinning down a specific vulnerability, which indicates a more targeted attack rather than a random one,” Alkhouri said. “The file might have aimed to infect machines in order to track the individuals who download the allegedly infected file rather than just merely damage their machines. The likelihood is that this attack, if ascertained, was not financially motivated.”
While it is unclear who may behind the attack, U.S. Cyber Command (CYBERCOM), part of U.S. Department of Defense, has publicly acknowledged that it has been conducting offensive cyber operations against jihadists targets.
Alkhouri said it is not clear whether the agency is carrying out these types of attacks.
“ISIS affiliated websites and accounts have previously been targeted multiple times; on more than one occasion, anti-ISIS hackers were behind these attacks,” Alkhouri said.
In June 2016, ISIS warned its supporters that a fake version of an Amaq News Agency Android mobile app was being used to spy on users.
Last April Flashpoint published a report concluding that the cyber capabilities of the Islamic State and its supporters are still relatively weak and appear to be underfunded and poorly organized. While the terrorist group has ambitions to increase its cyber capabilities, so far, online attacks claimed by pro-ISIS hackers attacks remain relatively novice-level, Flashpoint says, with most attacks being opportunistic, such as exploiting known vulnerabilities to compromise websites and launching DDoS attacks.
“Pro-ISIS cyber actors are certainly under sophisticated right now, but there is clear evidence that they are growing in number, coalescing in rank, and zooming in on American and other Western targets,” Alkhouri told SecurityWeek last year. “The more attractive the targets, the more notoriety they are gaining.”