#OpUSA active in early months of 2018

Target: Businesses within America or contributing to the country economically/politically

Attack Vector: DDoS attacks, Data breaches, website defacement, doxing

Threat Actor: Various, including @UnitedSecTeam, Phoenix420 and @Anonymous

Summary: Security Intelligence outlined the prospect of a reboot of the #OpUSA hacktivist campaign. This campaign focused on the United States and is mainly driven by anti-American sentiment, in protest at US involvement in foreign wars, perceived corruption of the media, alleged war crimes and the creation of the financial crisis. Now, in April 2018, further hacktivist activity has been observed, with @Phoenix420 delivering effective DDoS attacks against targets and @UnitedSecTeam carrying out hacks and data leaks.

Risk assessment summary: The threat is assessed as 3d MODERATE. This is one of a number of campaigns currently active and comes at a time of heightened diplomatic tension between the US, its allies and Russia. These tensions seem set to continue due to Eastern and Western involvement in the war in Syria and the investigations into Russian influence on Western elections, raising the threat level.

The USA is set to continue its involvement in Syria, giving further motivation for threat actors to continue campaigns against the West including #OpUSA, #OpUK and #OpPeaceForSyria. The US also seems bound to continue to support Israel, with President Trump congratulating the nation on its 70th birthday on the 18th of April, declaring the US had “no better friends anywhere”. This declaration of the close bond between the US and Israel is a provocative move likely to antagonise other nations in the Middle East, including allies of Russia such as Iran. This raises the possibility that some hacktivist activity may be used as a cover for state-sponsored entities.


Development Bank Of Kenya Attacked Under OpIcarus

Target: Development Bank Of Kenya

Attack Vector: Hack & Data Leak

Threat Actor: @UnitedSecTeam

Summary: The @anonymous-affiliated group @unitedsecteam has claimed responsibility for a hack and data leak against the Development Bank of Kenya (devbank[.]com) on 11th March 2018. The claim was accompanied by the hashtag #OpIcarus and is consistent with previous attacks against banks during 2018 by the actors.

Risk assessment summary: It is currently assessed that #OpIcarus presents a 3e MODERATE threat to the finance sector; however, the operation has been directly linked to the energy sector and the Syrian civil war. Anonymous accused Genie Oil and Gas of precipitating the Syrian conflict in order to exploit Golan Heights oil reserves. They also accuse the business of having an interest in a pipeline planned from Qatar to Europe and indicated that telecom, energy and government sector companies would be targeted.

Although @unitedsecteam has not released large amounts of data, it is likely that other hacktivists will also support #OpIcarus when not engaged in Catalonia- and Yemen-centric activity, presenting a greater threat to targeted sectors. Although activity will remain at a relatively low level into the medium term, the release of small amounts of data could still prove damaging to targeted organizations and cause a disproportionate effect on reputation. Monitoring of the threat environment will continue in order to identify further actionable intelligence.