OpIcarus Activity Observed In April With OpUK Newly Active

Target: Banking and financial institutions, as well as the British Government for #OpUK

Attack Vector: DDoS attack, website defacements, data leaks

Threat Actor: Various, including @SHARPSHOOTER and @Manwe for OpIcarus and @AnonySec_ and @UnitedSecTeam for #OpUK

Summary: After a lull in activity during the early months of 2018, #OpIcarus has given indications of a resurgence in April. Threat Intelligence has observed attacks from @SHARPSHOOTER as well as @Manwe against the banking industry, the prime target of the campaign. In addition, events on the ground have indicated that further activity may be imminent and linked to the crisis in Syria. Another campaign linked to the ongoing situation in Syria is #OpUK with @AnonySec_ and @UnitedSecTeam both observed active. Risk assessment summary: The threat is assessed as 3d MODERATE. It is highly likely that we will continue to see activity in Syria which may prove incensory to hacktivist groups. However, #OpIcarus is not as heavily linked to events on the ground as other campaigns. The newly created #OpUK appears to be very reactionary to events on the ground and while it is in its early stages, there is a high probability it will continue to be active. The risk from both campaigns can be defined as significant with several high capability threat actors committed to both.


Development Bank Of Kenya Attacked Under OpIcarus

Target: Development Bank Of Kenya

Attack Vector: Hack & Data Leak

Threat Actor: @UnitedSecTeam

Summary: The @anonymous affiliated group @unitedsecteam have claimed responsibility for a hack and data leak against the Development Bank of Kenya (devbank[.]com) on 11th March 2018. The claim was accompanied by the hashtag #OpIcarus and is consistent with previous attacks against banks during 2018 by the actors.

Risk assessment summary: It is currently assessed that #OpIcarus presents a 3e MODERATE threat to the finance sector, however the operation has been directly linked to the energy sector and the Syrian civil war. Anonymous accused Genie Oil and Gas of precipitating the Syrian conflict in order to exploit Golan Heights oil reserves. They also accuse the business of having an interest in a pipeline planned from Qatar to Europe and indicated that telecom, energy and government sector companies would be targeted.

Although @unitedsecteam have not released large amounts of data, it is likely that other hacktivists will also support #OpIcarus when not engaged on Catalonia and Yemen centric activity, presenting a greater threat to targeted sectors. Although activity will remain at a relatively low level into the medium term, the release of small amounts of data could still prove damaging to targeted organizations and cause a disproportionate effect on reputation. Monitoring of the threat environment will continue in order to identify further actionable intelligence.