Names | Syrian Electronic Army (self given), Syria Malware Team (self given), Deadeye Jackal (CrowdStrike), ATK 196 (Thales), TAG-CT2 (Recorded Future) | |
Country | Syria | |
Motivation | Information theft and espionage | |
First seen | 2011 | |
Description | (Qihoo 360) In April 2011, only days after anti-regime protests escalated in Syria, the Syrian Electronic Army (SEA) emerged on Facebook to support the government of Syrian President Bashar al-Assad. On May 5, 2011 the Syrian Computer Society registered SEA's website (syrian-es.com). Because Syria's domain registration authority registered the hacker site, some security experts have written that the group was supervised by the Syrian state. SEA claimed on its webpage to be no official entity, but 'a group of enthusiastic Syrian youths who could not stay passive towards the massive distortion of facts about the recent uprising in Syria'. As soon as May 27, 2011 SEA had removed the text that denied it was an official entity. On the new page, the description of 'not an official entity' was removed; it only says that the group was established by a group of young Syrian enthusiasts to combat the use of the Internet, especially by people who use Facebook in Syria, to 'spread hatred' and 'destroy peace'. The Syrian Electronic Army uses spam, website defacement, malware, phishing and denial of service attacks against political opposition groups, Western news agencies, human rights groups and websites seemingly neutral to the Syrian conflict. It also attacked government websites in the Middle East and Europe as well as US defense contractors. The Syrian Electronic Army is the first Arab organization to set up a public Internet army on its national network to openly launch cyber-attacks on its enemies. Syrian Electronic Army has 2 subgroups: 1. Subgroup: Goldmouse, APT-C-27 2. Subgroup: Pat Bear, APT-C-37 | |
Observed | Sectors: Defense, Government, High-Tech, Media, Retail, Telecommunications and dissidents. Countries: Canada, France, UK, USA and Middle East. | |
Tools used | AndoServer, SandroRAT, SilverHawk, SLRat, SpyNote RAT. | |
Operations performed | Mid 2016 | In recent years, the group has seemingly kept a low profile, but the SEA hasn't ceased activity: it's altered tactics and is now delivering custom Android malware to opponents of the Assad regime for the purposes of surveillance. <https://www.zdnet.com/article/these-hackers-are-using-android-surveillance-malware-to-target-opponents-of-the-syrian-government/> |
Jan 2018 | Lookout researchers have uncovered a long-running surveillance campaign tied to Syrian nation-state actors, which recently started using the novel coronavirus as its newest lure to entice its targets to download malware. <https://blog.lookout.com/nation-state-mobile-malware-targets-syrians-with-covid-19-lures> | |
Counter operations | May 2018 | Two Members of Syrian Electronic Army Indicted for Conspiracy <https://www.justice.gov/usao-edva/pr/two-members-syrian-electronic-army-indicted-conspiracy> |
Aug 2021 | Taking Action Against Hackers in Pakistan and Syria <https://about.fb.com/news/2021/11/taking-action-against-hackers-in-pakistan-and-syria/> | |
Information | <http://blogs.360.cn/post/SEA_role_influence_cyberattacks.html> <https://en.wikipedia.org/wiki/Syrian_Electronic_Army> |
Last change to this card: 26 December 2021