OpIcarus Activity Observed In April With OpUK Newly Active
Target: Banking and financial institutions, as well as the British Government for #OpUK
Attack Vector: DDoS attack, website defacements, data leaks
Threat Actor: Various, including @SHARPSHOOTER and @Manwe for OpIcarus and @AnonySec_ and @UnitedSecTeam for #OpUK
Summary: After a lull in activity during the early months of 2018, #OpIcarus has given indications of a resurgence in April. Threat Intelligence has observed attacks from @SHARPSHOOTER as well as @Manwe against the banking industry, the prime target of the campaign. In addition, events on the ground have indicated that further activity may be imminent and linked to the crisis in Syria. Another campaign linked to the ongoing situation in Syria is #OpUK with @AnonySec_ and @UnitedSecTeam both observed active. Risk assessment summary: The threat is assessed as 3d MODERATE. It is highly likely that we will continue to see activity in Syria which may prove incensory to hacktivist groups. However, #OpIcarus is not as heavily linked to events on the ground as other campaigns. The newly created #OpUK appears to be very reactionary to events on the ground and while it is in its early stages, there is a high probability it will continue to be active. The risk from both campaigns can be defined as significant with several high capability threat actors committed to both.