Pro-ISIS Amaq News Site Hacked to Serve Malware

Amaq News Agency Hacked

The Islamic State-affiliated Amaq news agency on Thursday said that a server hosting its propaganda and news content had been hacked, and warned that visitors were being prompted to download a malicious FlashPlayer file.

The details of the malicious file are unknown, but the Islamic State (also known as IS, ISIS, ISIL, and Daesh) news site has been a target of anti-ISIS groups in the past.  

“Amaq News is constantly changing; the group does not maintain a site for a long period of time, whether due to the domain being suspended or taken down, or because the group wants to avoid being attacked,” Laith Alkhouri, Director of Research & Analysis for the Middle East and North Africa and a co-founder at cyber intelligence firm Flashpoint, told SecurityWeek.

“Though I’m not able to verify the hack, Amaq indeed released a statement warning that Amaq’s latest domain was hacked,” Alkhouri said, noting that the group’s website was currently offline.  

“The attack appears to have specifically targeted Amaq after pinning down a specific vulnerability, which indicates a more targeted attack rather than a random one,” Alkhouri said. “The file might have aimed to infect machines in order to track the individuals who download the allegedly infected file rather than just merely damage their machines. The likelihood is that this attack, if ascertained, was not financially motivated.”

While it is unclear who may be behind the attack, U.S. Cyber Command (CYBERCOM), part of the U.S. Department of Defense, has publicly acknowledged that it has been conducting offensive cyber operations against jihadist targets.

Alkhouri said it is not clear whether the agency is carrying out these types of attacks.

“ISIS affiliated websites and accounts have previously been targeted multiple times; on more than one occasion, anti-ISIS hackers were behind these attacks,” Alkhouri said.

In June 2016, ISIS warned its supporters that a fake version of an Amaq News Agency Android mobile app was being used to spy on users.

Last April Flashpoint published a report concluding that the cyber capabilities of the Islamic State and its supporters are still relatively weak and appear to be underfunded and poorly organized. While the terrorist group has ambitions to increase its cyber capabilities, so far, online attacks claimed by pro-ISIS hackers remain relatively novice-level, Flashpoint says, with most attacks being opportunistic, such as exploiting known vulnerabilities to compromise websites and launching DDoS attacks.

“Pro-ISIS cyber actors are certainly under sophisticated right now, but there is clear evidence that they are growing in number, coalescing in rank, and zooming in on American and other Western targets,” Alkhouri told SecurityWeek last year. “The more attractive the targets, the more notoriety they are gaining.”

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
