Syrian Electronic Army

A hacktivist group thought to have links to the Syrian government initiated a number of phishing attacks against Western media organizations. Targeting mainly on political opposition group and western websites, the attacks made by the Syrian Electronic Army (SEA) follow two stages: firstly, an initial phishing campaign is carried out from external email accounts to gain access to a user account in the target organization, and secondly, another internal phishing campaign is executed to obtain more desirable user accounts. Once the attackers gained access to the company's website or social media account, they would undertake web defacement or publication of material supporting their cause.

Fig 10: Network topology of a target system
Fig: 11: Workflow for a basic password reset
Download SyrianElectronicArmy_CISSA.zip