#OpUSA active in early months of 2018

Target: Businesses within America or contributing to the country economically/politically

Attack Vector: DDoS attacks, Data breaches, website defacement, doxing

Threat Actor: Various, including @UnitedSecTeam, Phoenix420 and @Anonymous

Summary: Security Intelligence outlined the prospect of a reboot of the #OpUSA hacktivist campaign. This campaign focused on the United States and is mainly driven by anti-American sentiment in protest at their involvement in foreign wars, perceived corruption of the media, alleged war crimes and creation of the financial crisis. Now, in April 2018, further hacktivist activity has been observed, with @Phoenix420 delivering effective DDoS attacks against targets as well as hacks and data leaks being carried out by @UnitedSecTeam.

Risk assessment summary: The threat is assessed as 3d MODERATE. This is one of a number of campaigns currently active and comes at a time of heightened diplomatic tension between the US, its allies and Russia. These tensions seem set to continue due to East and West involvement in the war in Syria and the investigations of Russian influencing Western elections, raising the threat level.

The USA is set to continue its involvement in Syria, giving further motivation for threat actors to continue campaigns against the West including #OpUSA, #OpUK and #OpPeaceForSyria. The US also seems bound to continue to support Israel, with President Trump congratulating the nation on its 70th birthday on the 18th of April, declaring the US had “no better friends anywhere”. This declaration of the close bond between the US and Israel is a provocative move likely to antagonise other nations in the Middle East, including allies of Russia such as Iran. This raises the possibility that some hacktivist activity may be used as a cover for state sponsored entities.