By RFE RL
Hackers aligned to Islamic State (IS) militants attacked 600 Russian websites last year, according to a new report by Russian cyber intelligence company Group-IB.
The websites targeted by the group include a number of banks, construction companies, government organizations, and even schools and a local history museum in the North Urals, Group-IB said on March 25.
According to Group-IB’s research, several pro-IS hacking groups appear to have been involved in the attacks on Russian websites. As well as the “CyberCaliphate,” the research also found groups calling themselves Team System Dz, Global Islamic Caliphate and FallaGa Team were involved in the hacks.
Group-IB’s Ilya Sachkov, who helped undertake in the research, told RFE/RL that the pro-IS hackers have, at least so far, used only simple hacking techniques and hacking kits to carry out their attacks.
However, companies and governments in Russia and elsewhere should not underestimate the IS group’s hacking capabilities, he warned.
The pro-IS hackers are “trying to find new kits and new malware” to use in future attacks, Sachkov said.
According to Sachkov, the number of pro-IS cyber criminals appears to be increasing.
“There is a risk that IS hackers will switch from relatively easy attacks to more complicated ones, including against critical infrastructure and industrial systems,” Sachkov said.
Pro-IS hackers are not just targeting Russia, Sachkov said.
“Right now, IS will attack any country — their mission is to carry out attacks for attention and to create panic,” he added.
It is not clear whether the pro-IS hackers who carried out the attacks against Russian sites are IS sympathizers based in Russia, or whether they are located elsewhere.
Sachkov said that he was urging Russian law enforcement to try to establish whether Russian nationals are involved in the attacks.
Russia is not the only country to have come under attack from pro-IS hackers, however.
Cyber criminals claiming to be from a group named the “CyberCaliphate” have targeted a number of Western websites and social media accounts, hitting headlines in January when they hacked the Twitter and YouTube accounts of the U.S. Army’s Central Command and posting what seemed to be the private information of U.S. army generals.
The “CyberCaliphate” has also targeted websites and social media accounts belonging to media outlets. In February, the group hacked Newsweek’s Twitter account, replacing the main banner and avatar of the account with images of a black flag and a masked militant. The hackers posted a message wishing U.S. First Lady Michelle Obama a “Bloody Valentine’s Day.”
Earlier this week, pro-IS hackers calling themselves the “Islamic State Hacking Division” released a hit list of 100 U.S. military personnel, including names and addresses. A message from the group was signed by the “Islamic State hacking division.”
While these attacks have had their intended effect of grabbing headlines and causing alarm, they have also raised questions of whether the pro-IS hackers are tech-savvy terrorists with the ability to access confidential, encrypted data — or just individuals with access to Google.
Although the “Islamic State Hacking Division” claimed to have obtained the names and addresses of U.S. troops by hacking U.S. government databases, the “hackers” involved didn’t hack the Pentagon. Instead, The Daily Beast claims, they likely just searched Google.
At least two-thirds of the U.S. military personnel whose names appear on the “hit list” had been featured on public Defense Department websites designed to promote the military, the Daily Beast reported.
One defense official even told the Daily Beast that some of the addresses were not correct, and one service member listed is no longer serving in the military.