Anonymous Launch OpPeaceForSyria
Target: UK political organisations
Attack Vector: DDoS
Threat Actor: @Anonymous/@UnitedSecTeam
Summary: In response to airstrikes carried out against Syrian targets on the morning of Saturday 14th April 2018, The @Anonymous hacktivist collective has announced the launch of the cyber operation #OpPeaceForSyria. The aim of the operation is to show international opposition to the air strikes and to encourage citizens in Western countries to hold their governments to account regarding the military action.
Risk assessment summary: It is currently assessed that #OpPeaceForSyria presents a 3e MODERATE threat. Whilst most activity will comprise DDoS attacks, hacks, data leaks and website defacements may also be used against targeted organisations. At the time of writing no target list has been issued but statements by @UnitedSecTeam suggest the group is planning on moving beyond smaller targets. As the group is ideologically driven with an anti-government agenda, then politically linked organisations such as councils and the government sector targets are likely to be considered attractive targets.
Activists from the wider @Anonymous collective are almost certain to support the operation given the high profile of the attacks on Syria and the implications for global peace and security. A more worrying aspect of forthcoming hacktivist activity is that it may be used as a smokescreen for more damaging APT related activity. Both Russian and Iranian actors have previously used the pretext of being a hacktivist group as cover for their activity, indeed APT28 have used the hashtag #OpOlympics during hacks and data leaks of sporting related bodies such as WADA or the IOC. The group also claimed to be from the ISIS-linked UnitedCyberCaliphate during the service affecting attack against the French media organisation TVMonde5.
Given that malicious state-sponsored entities may seek to complicate blame attribution during the current period of international tensions, then it may be prudent to monitor hacktivist incidents more carefully, especially if such activity is targeting critical infrastructures or organisations. Monitoring of the threat environment will continue in order to identify any emerging target lists or other actionable intelligence.