Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

Pro-ISIS Amaq News Site Hacked to Serve Malware

Amaq News Agency Hacked

Amaq News Agency Hacked

The Islamic State-affiliated Amaq news agency on Thursday said that a server hosting its propaganda and news content had been hacked, and warned that visitors were being prompted to download malicious a FlashPlayer file.

The details of the malicious file are unknown, but the Islamic State (also known as IS, ISIS, ISIL, and Daesh) news site has been a target of anti-ISIS groups in the past.  

“Amaq News is constantly changing; the group does not maintain a site for a long period of time, whether due to the domain being suspended or taken down, or because the group wants to avoid being attacked,” Laith Alkhouri, Director of Research & Analysis for the Middle East and North Africa and a co-founder at cyber intelligence firm Flashpoint, told SecurityWeek.

“Though I’m not able to verify the hack, Amaq indeed released a statement warning that Amaq’s latest domain was hacked,” Alkhouri said, noting that the group’s website was currently offline.  

“The attack appears to have specifically targeted Amaq after pinning down a specific vulnerability, which indicates a more targeted attack rather than a random one,” Alkhouri said. “The file might have aimed to infect machines in order to track the individuals who download the allegedly infected file rather than just merely damage their machines. The likelihood is that this attack, if ascertained, was not financially motivated.”

While it is unclear who may behind the attack, U.S. Cyber Command (CYBERCOM), part of U.S. Department of Defense, has publicly acknowledged that it has been conducting offensive cyber operations against jihadists targets.

Alkhouri said it is not clear whether the agency is carrying out these types of attacks.

“ISIS affiliated websites and accounts have previously been targeted multiple times; on more than one occasion, anti-ISIS hackers were behind these attacks,” Alkhouri said.

Advertisement. Scroll to continue reading.

In June 2016, ISIS warned its supporters that a fake version of an Amaq News Agency Android mobile app was being used to spy on users.

Last April Flashpoint published a report concluding that the cyber capabilities of the Islamic State and its supporters are still relatively weak and appear to be underfunded and poorly organized. While the terrorist group has ambitions to increase its cyber capabilities, so far, online attacks claimed by pro-ISIS hackers attacks remain relatively novice-level, Flashpoint says, with most attacks being opportunistic, such as exploiting known vulnerabilities to compromise websites and launching DDoS attacks.

“Pro-ISIS cyber actors are certainly under sophisticated right now, but there is clear evidence that they are growing in number, coalescing in rank, and zooming in on American and other Western targets,” Alkhouri told SecurityWeek last year. “The more attractive the targets, the more notoriety they are gaining.”

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.