OpIcarus Activity Observed In April With OpUK Newly Active

Target: Banking and financial institutions, as well as the British Government for #OpUK

Attack Vector: DDoS attack, website defacements, data leaks

Threat Actor: Various, including @SHARPSHOOTER and @Manwe for OpIcarus and @AnonySec_ and @UnitedSecTeam for #OpUK

Summary: After a lull in activity during the early months of 2018, #OpIcarus has given indications of a resurgence in April. Threat Intelligence has observed attacks from @SHARPSHOOTER as well as @Manwe against the banking industry, the prime target of the campaign. In addition, events on the ground have indicated that further activity may be imminent and linked to the crisis in Syria. Another campaign linked to the ongoing situation in Syria is #OpUK with @AnonySec_ and @UnitedSecTeam both observed active. Risk assessment summary: The threat is assessed as 3d MODERATE. It is highly likely that we will continue to see activity in Syria which may prove incensory to hacktivist groups. However, #OpIcarus is not as heavily linked to events on the ground as other campaigns. The newly created #OpUK appears to be very reactionary to events on the ground and while it is in its early stages, there is a high probability it will continue to be active. The risk from both campaigns can be defined as significant with several high capability threat actors committed to both.


#OpUSA active in early months of 2018

Target: Businesses within America or contributing to the country economically/politically

Attack Vector: DDoS attacks, Data breaches, website defacement, doxing

Threat Actor: Various, including @UnitedSecTeam, Phoenix420 and @Anonymous

Summary: Security Intelligence outlined the prospect of a reboot of the #OpUSA hacktivist campaign. This campaign focused on the United States and is mainly driven by anti-American sentiment in protest at their involvement in foreign wars, perceived corruption of the media, alleged war crimes and creation of the financial crisis. Now, in April 2018, further hacktivist activity has been observed, with @Phoenix420 delivering effective DDoS attacks against targets as well as hacks and data leaks being carried out by @UnitedSecTeam.

Risk assessment summary: The threat is assessed as 3d MODERATE. This is one of a number of campaigns currently active and comes at a time of heightened diplomatic tension between the US, its allies and Russia. These tensions seem set to continue due to East and West involvement in the war in Syria and the investigations of Russian influencing Western elections, raising the threat level.

The USA is set to continue its involvement in Syria, giving further motivation for threat actors to continue campaigns against the West including #OpUSA, #OpUK and #OpPeaceForSyria. The US also seems bound to continue to support Israel, with President Trump congratulating the nation on its 70th birthday on the 18th of April, declaring the US had “no better friends anywhere”. This declaration of the close bond between the US and Israel is a provocative move likely to antagonise other nations in the Middle East, including allies of Russia such as Iran. This raises the possibility that some hacktivist activity may be used as a cover for state sponsored entities.