#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Syrian Electronic Army | Breaking Cybersecurity News | The Hacker News

New Mac OS Malware exploited two known Java vulnerabilities

New Mac OS Malware exploited two known Java vulnerabilities

Sep 24, 2013
A new Mac OS Malware has been discovered called OSX/Leverage . A , which appears to be yet another targeted command-and-control Trojan horse, that creates a backdoor on an affected user's machine. The Trojan named ' Leverage ' because the Trojan horse is distributed as an application disguised as a picture of two people kissing, possibly a scene from the television show " Leverage ". The attack launched via a Java applet from a compromised website and which drops a Java archive with the backdoor to the visitor's computer and launches it without a user intercation. To perform the attack, Malware uses two recently disclosed Java vulnerabilies  known as CVE-2013-2465 and CVE-2013-2471. Once it's installed, the Trojan connects to the C&C server on port 7777. Security vendor Intego said that Malware linked to Syrian Electronic Army (SEA) , because after installation Malware attempt to download an image associated with the Syrian Electronic A
FBI Cyber Division put 'Syrian Electronic Army' Hackers in wanted list

FBI Cyber Division put 'Syrian Electronic Army' Hackers in wanted list

Sep 05, 2013
The Syrian Electronic Army (SEA) , a pro-regime hacker group that emerged during Syrian anti-government protests in 2011, and involved in cyber attacks against western media organizations are now in the FBI's wanted list. The Federal Bureau of Investigation has issued an alert warning of cyber attacks by the Syrian Electronic Army and finally put them on its radar. " The SEA'S primary capabilities include spear-phishing, web defacements, and hijacking social media accounts to spread propaganda. " they said. The FBI also has increased its surveillance of Syrians living in the US. According to some anti-Assad activists, the group was founded by former intelligence agents and hardcore Assad supporters. SEA had compromised social media profiles for Western news organizations by sending fake email messages to news staff in an attempt to gain access to login credentials. Most recently, the group grabbed international attention after commandeering the webs
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
New York Times, Twitter and Huffington Post Domains hijacked by Syrian Electronic Army

New York Times, Twitter and Huffington Post Domains hijacked by Syrian Electronic Army

Aug 28, 2013
Media companies including the New York Times, Twitter and the Huffington Post has been unavailable since Tuesday after the external malicious attack by a group of hackers supporting Syrian President Bashar Assad. For the second time this month, the New York Times' website has gone down. " The New York Times website was unavailable to readers on Tuesday afternoon following an attack on the company's domain name registrar, Melbourne IT ," the Times wrote. In its most recent alleged attack, SEA was apparently able to use what's called a spear phishing attack to gain access to the Australia-based domain registrar for The New York Times website and read: " Hacked by SEA, Your server security is very weak ." It appears the domain name system (DNS) for NYTimes.com was rerouted, but can be found using its numerical Internet Protocol addresses, which is 170.149.168.130. The New York Times website has been restored just now, at least temporarily a
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Syrian Electronic Army Hacks the Outbrain service; Washington Post, CNN suffers

Syrian Electronic Army Hacks the Outbrain service; Washington Post, CNN suffers

Aug 15, 2013
After months of disrupting the Twitter accounts of major U.S. media outlets, The Syrian Electronic Army Leader Says that they won't Stop hacking. Just two days before  SocialFlow,  a social media optimization platform was hacked by Syrian Electronic Army and readers on certain stories being redirected to the site of the Syrian Electronic Army. T he hackers hit four journalists employed by the New York Post, the tabloid's Facebook page, and a columnist for The Washington Post. Syrian Electronic Army today announced that they hacked into the admin panel of  Outbrain, a  content recommendation service, used my millons of websites including The  Washington Post, CNN, TIMES and also by us at ' The Hacker News '. They edit many parameters tp " Hacked by SEA " from the website panel , that actually reflects on major websites in widget as shown in above screenshot . Hackers also claimed to have access to  Outbrain's email box . The people
Viber's Apple App Store account hacked; Description changed by hackers

Viber's Apple App Store account hacked; Description changed by hackers

Jul 28, 2013
Last week, we exclusively reported that the popular messenger Viber was hacked by the Syrian Electronic Army, and Support page was defaced with the message, " The Israeli-based - Viber is spying and tracking you. " Today we found that Viber's Apple App Store description has been defaced as well. The new modified description read " We created this app to spy on you, PLEASE DOWNLOAD IT! ", It's not clear at this point if this new hack is also performed by  Syrian Electronic Army or not, but it is possible that the hackers have gained access to the other various developer-facing functions. Viber later responded after a previous attack that one of its employee's fell victim to a phishing attach and attackers could gain access to a customer support panel and support administration system, insisting that no sensitive user data was exposed. Last week, SEA was able to access the Popular messaging app Tango's website and also a World's biggest
Free calling app 'Viber' website defaced; database hacked by SEA

Free calling app 'Viber' website defaced; database hacked by SEA

Jul 23, 2013
One of the most popular free calling App " Viber " for smartphones got hacked and defaced their one of the subdomain i.e https://support.viber.com/ by  Pro-Assad hacker group the   Syrian Electronic Army . According claimed to take backup of their partial database , as shown, " We weren't able to hack all Viber systems " hacker said. SEA hackers also suggested Viber (an instant-messaging and VoIP service) users to uninstall the application because company is spying and tracking each user, recording IP address of each user in database as shown above, " Warning: If you have "Viber" app installed we advise you to delete it " they tweeted . Earlier this year, Viber announced that it had over 200 million mobile users. Just today same hackers also managed to hacked into  Daily Dot News website and deleted an article against them and last weekend Millions of Phone Book records were stolen from Truecaller Database by SE
Daily Dot News portal hacked by Syrian Electronic Army with phishing attack

Daily Dot News portal hacked by Syrian Electronic Army with phishing attack

Jul 23, 2013
Pro-Assad hacker group the Syrian Electronic Army claims to have breached the online news portal " Daily Dot " and deleted an article with a caricature of Syrian President Bashar al-Assad. SEA hackers gave an advance warning to Daily Dot editorial team via twitter , said " Dear @dailydot, please remove the attached picture in this article: https://www.dailydot.com/news/syrian-electronic-army-tango-me/ … or we will do something you will not like it. " But Daily Dot refused to comply, and hackers broke into the Gmail account of one of its staff, then into the site's administration panel and removed the article in question altogether, as challenged ! The attackers have published several pictures, including ones of emails sent out to Daily Dot staff about the Syrian Electronic Army's threat. Staff have been warned that the hackers use phishing emails to trick them into handing over their account credentials. " The stupid @dailydot administra
Massive Database from Tango messenger server hacked by Syrian Electronic Army

Massive Database from Tango messenger server hacked by Syrian Electronic Army

Jul 20, 2013
Syrian Electronic Army (SEA), hacking group known for cyber attacks against the anti-Syrian websites, has claimed that it has hacked the website of messaging application, Tango (tango.me), that includes hundreds of millions of electronic and voice data over the Internet. Hacker group tweeted a message on Twitter. " Sorry @TangoMe, We needed your database too, thank you for it! https://tango.me #SEA #SyrianElectronicArmy ". In a post on their website , hackers mentioned ," The databases content a of millions of the app user's phone numbers, contacts and their emails. More than 1.5 TB of the daily-backups of the servers network has been downloaded successfully " Screenshot of the backups folder of the servers network of Tango App as shown below: Screenshot of the Tango App log : The outdated version of wordpress CMS allowed them to gain unauthorized access to the database server. At the time of reporting, administrators redirect the website t
Millions of Phonebook records stolen from Truecaller Database

Millions of Phonebook records stolen from Truecaller Database

Jul 17, 2013
TrueCaller, a popular app built by a Swedish company and world's largest collaborative phone directory compromised by Syrian Electronic Army hackers. Truecaller was running an outdated version (3.5.1) of blogging software WordPress for its web interface and there are millions of Phonebook records available in their database that were reportedly stolen by hackers, as claimed on their twitter account. Syrian Electronic Army also claimed that the database contains million of access codes of Facebook, Twitter, Linkedin, Gmail Accounts of different users, that can be used to post update from compromised Accounts. In total, the hackers claimed to downloaded more than 7 databases fro Truecaller server of 450GB in size. At the time of reporting this news, Truecaller website is still under maintenance and index page saying, " We are doing some upgrades. Thank you for your patience ." SEA also posted a database screenshot on twitter, showing the phonebook l
Turkish PM Erdogan’s staff emails hacked and leaked by Syrian Electronic Army Hackers as #OpTurkey

Turkish PM Erdogan's staff emails hacked and leaked by Syrian Electronic Army Hackers as #OpTurkey

Jun 05, 2013
Syrian Electronic army appears to be taking part in ongoing operation against Turkey government website. Hackers collectively called Anonymous and SEA breached into Turkish Ministry of Interior website and the private information of staffers in PM Tayyip Erdogan's office. Hackers claimed that they gained access to staff email addresses, passwords and phone numbers. As exposed on internet, database include emails and plain text passwords of 90 users. In addition , Hackers also managed to take down the Turkey's Prime Minister (basbakanlik.gov.tr) website. Many other sites belongs to Turkish govt was defaced last night by various hackers around the world including the country's ruling party as operation #OpTurkey. The team also defaced the  dosya.icisleri.gov.tr/Dosyalar/  and placed their logo on site. " Rise against the injustice of Erdogan's Tyranny. Rise against the policies of hypocrisy perpetrated by the Erdogan Regime ." The defacement message reads
Financial Times hacked by Syrian Electronic Army

Financial Times hacked by Syrian Electronic Army

May 17, 2013
The Financial Times has become the latest news outlet to be hacked by supporters of the Syrian president Bashar al-Assad , following a phishing attack on the company's email accounts. The posh broadsheet's Tech Blog - at https://blogs.FT.com/beyond-brics was compromised to run stories headlined " Syrian Electronic Army Was Here " and " Hacked by the Syrian Electronic Army ". Twelve posts appeared on the FT's tech blog between 12.38pm and 12.42pm on Friday, with official Twitter feeds also disrupted. In a later Twitter statement the FT said, " Various FT blogs and social-media accounts have been compromised by hackers and we are working to resolve the issue as quickly as possible." The Syrian Electronic Army , understood to be a number of hackers and online activists that support the current Syrian president Bashar al-Assad, may have gained control for up to 14 Twitter accounts run by the newspaper. The group of hackers has claime
Another day, Another verified Twitter Account Hacked

Another day, Another verified Twitter Account Hacked

May 14, 2013
Another day, Another verified twitter account with over 900,000 followers hacked by 'Colin'. Hacker hacked into a Sky News Twitter account earlier today, and left a semi-permanent mark on the internet's consciousness. The mysterious Colin soon began to trend on Twitter as #ColinWasHere hashtag. However, the tweet which simply said " Colin was here " - has now been deleted, with Sky blaming the tweet on a hack. The post was retweeted more than 7,500 times before it was removed half an hour later. The Syrian Electronic Army in the recent past has been accused of hacking social media feeds of a number of well known Twitter handles, such as AP , The Guardian and even for some bizarre reason, the satire news agency ' The Onion ' UPDATE:  The Sky News press office has informed that Colin was, in fact, " a 'disaster recovery' test message which accidently went live " and that "no Colin was harmed in the making of this message".
'The Onion' Twitter Account Hacked via Phishing Attack

'The Onion' Twitter Account Hacked via Phishing Attack

May 12, 2013
The hacktivist group Syrian Electronic Army (SEA) briefly took over the Twitter account of the satirical news publication The Onion, posting a series of anti-Israeli joke stories and an anti-Obama meme image. In a post on The Onion tech team's GitHub blog , the fake news site explains that the Syrian Electronic Army didn't wrestle control of its Twitter account using some advanced hacker scheme. The hack attack penetrated the publication with at least three methods of phishing attacks, where a false e-mail redirected people to a fake Website which then asked for Google Apps credentials. Previously the Syrian Electronic Army (SEA) has shanghaied its way into the official Twitter feeds of AP and the Guardian, using the former to post a tweet falsely claiming that there had been an explosion at the white House. Exposing details about an attack is not the normal approach companies take after they are hacked. The New York Times revealed earlier this year how Chinese hackers breac
Syrian Electronic Army Hijacks The Guardian's Twitter Accounts

Syrian Electronic Army Hijacks The Guardian's Twitter Accounts

Apr 30, 2013
The Guardian's Twitter accounts have been taken over by pro-Syrian government hackers ' Syrian Electronic Army ' , who previously targeted the Associated Press BBC , al-Jazeera, the Qatari government and National Public Radio in the United States, as well as France 24 TV. " We are aware that a number of Guardian Twitter accounts have been compromised and we are working actively to resolve this ," a Guardian spokesperson said. Nine bogus tweets were broadcast in an hour, including some with anti-Israeli sentiments, and others saying " Long Live Syria " and " Syrian Electronic Army Was Here ".  Cyber-security experts believe the SEA have targeted a series of western media organisations in an apparent attempt to cause disruption and spread support for President Bashar al-Assad's regime, which has been under increasing Western pressure to end an ongoing bloody civil war in Syria. The group's domain names were apparently registered by the Syr
Hacked Twitter account of The Associated Press posted bogus report of attack at White House

Hacked Twitter account of The Associated Press posted bogus report of attack at White House

Apr 23, 2013
The Associated Press Twitter account has been hacked,and posted a bogus post about explosions at the White House and Barack Obama is injured. Within a few minutes, Twitter suspended the account, and Julie Pace, the chief White House correspondent for The A.P., announced at a White House briefing that the account had been hacked. " The president is fine ," spokesman Jay Carney said. " I was just with him. " AP said later: " The @AP twitter account has been hacked. The tweet about an attack at the White House is false. " The Syrian Electronic Army claimed responsibility, tweeting out: " Ops! @AP get owned by Syrian Electronic Army! #SEA #Syria #ByeByeObama. " Last year, it took over Twitter and Facebook accounts of the Al Arabiya news channel to spread fake news of a coup and explosion in Qatar, which sides with the Syrian rebels. Shortly after the account was suspended, Mike Baker, a reporter for the news organization, posted a messa
Syrian Electronic Army Hijack Sky News's Twitter & Facebook Accounts

Syrian Electronic Army Hijack Sky News's Twitter & Facebook Accounts

Feb 07, 2013
Syrian Electronic Army strike again! This time hacking group hijack Twitter accounts and a Facebook page of Sky News Arabia and also hack their Emails. The accounts affected were the channel's main twitter handle @skynewsarabia and the @skynewsarabia account used for cultural and entertainment news, as well as the Facebook page facebook/skynewsarabia . Sky News regained control of the hacked accounts some how later. During an Interview with hackers at Syrian Electronic Army, hackers said that they first target Sky News's Email panel which is using Outlook Web App. Below is the screenshot of hacked inbox: Then it was too easy for hackers to reset the password of Twitter accounts and Facebook pages attached to that mail using Password forget option. Hackers said, they attack because of the bias that the foreign media has against Syria's President Bashar al-Assad and their support for the rebels in the Syrian conflict.
Outdated version of WordPress leads to MasterCard Hack

Outdated version of WordPress leads to MasterCard Hack

Jan 09, 2013
On tip of a readers, yesterday we came across a new MasterCard hack, performed by  Syrian Electronic Army . Hackers was able to breach MasterCard Blog ( https://insights.mastercard.com ) and make a new blog post on the website with title " Hacked By Syrian Electronic Army " on January 5, 2013. For now MasterCard deleted that post, but readers can check Google cache . Today we tried to contact the hacker, but may be they are busy in Hacking Next Target , I started my investigation that how they can hack such a big economic website's blog. Starting from very first step, Information gathering about your target. Simple by reviewing the source code we found that MasterCard blog is using Wordpress. We all know, WordPress is particular a popular attack vector for cyber criminals. To know this, I just tried to access the readme.html file of CMS , that's it - MasterCard #fail ! They are using an old  Wordpress 3.3.2  version, instead of the current version 3.
Cybersecurity Resources