Connect with us

Hi, what are you looking for?



Pro-ISIS Amaq News Site Hacked to Serve Malware

Amaq News Agency Hacked

Amaq News Agency Hacked

The Islamic State-affiliated Amaq news agency on Thursday said that a server hosting its propaganda and news content had been hacked, and warned that visitors were being prompted to download malicious a FlashPlayer file.

The details of the malicious file are unknown, but the Islamic State (also known as IS, ISIS, ISIL, and Daesh) news site has been a target of anti-ISIS groups in the past.  

“Amaq News is constantly changing; the group does not maintain a site for a long period of time, whether due to the domain being suspended or taken down, or because the group wants to avoid being attacked,” Laith Alkhouri, Director of Research & Analysis for the Middle East and North Africa and a co-founder at cyber intelligence firm Flashpoint, told SecurityWeek.

“Though I’m not able to verify the hack, Amaq indeed released a statement warning that Amaq’s latest domain was hacked,” Alkhouri said, noting that the group’s website was currently offline.  

“The attack appears to have specifically targeted Amaq after pinning down a specific vulnerability, which indicates a more targeted attack rather than a random one,” Alkhouri said. “The file might have aimed to infect machines in order to track the individuals who download the allegedly infected file rather than just merely damage their machines. The likelihood is that this attack, if ascertained, was not financially motivated.”

While it is unclear who may behind the attack, U.S. Cyber Command (CYBERCOM), part of U.S. Department of Defense, has publicly acknowledged that it has been conducting offensive cyber operations against jihadists targets.

Alkhouri said it is not clear whether the agency is carrying out these types of attacks.

“ISIS affiliated websites and accounts have previously been targeted multiple times; on more than one occasion, anti-ISIS hackers were behind these attacks,” Alkhouri said.

Advertisement. Scroll to continue reading.

In June 2016, ISIS warned its supporters that a fake version of an Amaq News Agency Android mobile app was being used to spy on users.

Last April Flashpoint published a report concluding that the cyber capabilities of the Islamic State and its supporters are still relatively weak and appear to be underfunded and poorly organized. While the terrorist group has ambitions to increase its cyber capabilities, so far, online attacks claimed by pro-ISIS hackers attacks remain relatively novice-level, Flashpoint says, with most attacks being opportunistic, such as exploiting known vulnerabilities to compromise websites and launching DDoS attacks.

“Pro-ISIS cyber actors are certainly under sophisticated right now, but there is clear evidence that they are growing in number, coalescing in rank, and zooming in on American and other Western targets,” Alkhouri told SecurityWeek last year. “The more attractive the targets, the more notoriety they are gaining.”

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.


Several hacker groups have joined in on the Israel-Hamas war that started over the weekend after the militant group launched a major attack.


On the first anniversary of Russia’s invasion of Ukraine, cybersecurity companies summarize the cyber operations they have seen and their impact.


The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...