Threat Group Cards: A Threat Actor Encyclopedia

Other threat group: Cyber fighters of Izz Ad-Din Al Qassam, Fraternal Jackal

Names	Cyber fighters of Izz Ad-Din Al Qassam (self given) Qassam Cyber Fighters (self given) QCF (self given) Fraternal Jackal (CrowdStrike)
Country	Iran
Sponsor	State-sponsored
Motivation	Sabotage and destruction
First seen	2012
Description	(MEMRI) On September 18, 2012, the Qassam Cyber Fighters (QCF) posted its first message, in both English and Arabic, on its Pastebin page; the message warned the world that it was now targeting U.S. banks for hacking attacks, and would do so in the future as well. Since its emergence, the group has vowed to continue to carry out cyber attacks against Western targets until YouTube removes the anti-Muslim video 'Innocence of Muslims,' stating in its first communiqué: 'All the Muslim youths who are active in the Cyber world will attack to American and Zionist bases as much as needed such that they say that they are sorry about that insult.' Since the September 18, 2012 message, in which it announced that it was planning to attack the Bank of America and New York Stock Exchange on that date, it has been widely speculated that the group's origins are in fact Iranian. Western media sources, as well as analysts who have studied the QCF, have stated that it is actually an Iranian front. Cyber security analyst Dancho Danchev performed the most authoritative open-source intelligence (OSINT) analysis on the issue of the group's links to Iran, aimed at exposing one of the individuals in the group, while former Senator Joseph I. Lieberman told C-Span that he believed that Iran's government was sponsoring the group's attacks on U.S. banks in retaliation for Western economic sanctions. Additionally, The New York Times quoted unnamed U.S. intelligence officials stating that the 'group is a convenient cover for Iran.' The QCF claims to have attacked Bank of America, the New York Stock Exchange, Capital One Financial Corp, SunTrust Banks Inc., BB&T, HSBC, JPMorgan Chase & CO, PNC Financial Services, U.S. Bancorp, Citigroup Citibank, Wells Fargo & Company, Ally Financial, Fifth Third Bancorp, Zions Bancorporation, Union Bank, Comerica, Citizens Bank, Umpqua Bank, People's United Bank, University Federal Credit Union, Patelco Credit Union, American Express, KeyCorp, Ameriprise Financial, Citizens Financial, BBVA Compass, UMB Financial Corporation, M&T Bank, Bank of the West, Regions Financial Corp, Euronext, and Synovus Financial Corporation. Recorded Future found a possible overlap with Desert Falcons.
Observed	Sectors: Financial. Countries: USA.
Tools used
Counter operations	May 2016	U.S. Accuses 7 Iranians Of Cyberattacks On Banks And Dam <https://www.forbes.com/sites/thomasbrewster/2016/03/24/iran-hackers-charged-bank-ddos-attacks-banks/>
Information	<https://www.memri.org/reports/rise-and-fall-qassam-cyber-fighters-arab-hacking-group-or-iranian-cyber-front-review-its> <http://ddanchev.blogspot.com.es/2012/09/dissecting-operation-ababil-osint.html> <https://krebsonsecurity.com/tag/izz-ad-din-al-qassam-cyber-fighters/> <https://en.wikipedia.org/wiki/Operation_Ababil>

Last change to this card: 29 November 2023

Download this actor card in PDF or JSON format

Previous: Cron
Next: Dark Basin