Malware Attack Targeting Syrian ISIS Critics

Status
Not open for further replies.

Jack

This report describes a malware attack with circumstantial links to the Islamic State in Iraq and Syria. In the interest of highlighting a developing threat, this post analyzes the attack and provides a list of Indicators of Compromise.

A Syrian citizen media group critical of Islamic State of Iraq and Syria (ISIS) was recently targeted in a customized digital attack designed to unmask their location. The Syrian group, Raqqah is being Slaughtered Silently (RSS), focuses its advocacy on documenting human rights abuses by ISIS elements occupying the city of Ar-Raqqah. In response, ISIS forces in the city have reportedly targeted the group with house raids, kidnappings, and an alleged assassination. The group also faces online threats from ISIS and its supporters, including taunts that ISIS is spying on the group.

Though we are unable to conclusively attribute the attack to ISIS or its supporters, a link to ISIS is plausible. The malware used in the attack differs substantially from campaigns linked to the Syrian regime, and the attack is focused against a group that is an active target of ISIS forces.

Background: Citizen Journalists under Threat in ISIS-controlled Territories

As the Syrian Civil War continues, Syrian citizen journalists and nonviolent activists operate in an increasingly unsafe environment. The regime has never welcomed their work, and has often targeted them for arrest and detention, and a multi-year hacking campaign (see Pro-Regime / Regime Linked Groups). Additionally, not all elements of the Syrian opposition have uniformly supported nonviolent activists and citizen journalists. More recently, in areas like Raqqah, nonviolent activists face a new and exceptionally grave threat: ISIS. A growing number of reports suggest that ISIS is systematically targeting groups that document atrocities, or that communicate with Western media and aid organizations, sometimes under the pretext of finding “spies”.


Map: Raqqah is indicated by the red arrow. Colors indicate areas mostly under the control of the following groups: Black = ISIS, Red = Syrian Regime, Green = Free Syrian Army, Yellow = Kurdish. Note: the map is not highly detailed, nor completely up-to-date, but is useful in showing general areas of control. Source: @DeSyracuse



Ar-Raqqah, the city in which the case study is located, is situated in northern Syria and continues to be a key conflict flashpoint of the Syrian Civil War. In the spring of 2013, Islamists and Free Syrian Army (FSA) fighters took over Ar-Raqqah from regime forces. As ISIS gained momentum, they consolidated their control over the city, edging out FSA-affiliated groups through attacks, summary executions, and kidnappings against a range of groups, including ethnic and religious minorities.


Read more: https://citizenlab.org/2014/12/malware-attack-targeting-syrian-isis-critics/
 