Syrian Electronic Army (SEA), Deadeye Jackal

Description

(Qihoo 360) In April 2011, only days after anti-regime protests escalated in Syria, Syrian Electronic Army (SEA) emerged on Facebook to support the government’s Syrian President Bashar al-Assad. In May 5, 2011 the Syrian Computer Society registered SEA’s website (syrian-es.com). Because Syria’s domain registration authority registered the hacker site, some security experts have written that the group was supervised by the Syrian state. SEA claimed on its webpage to be no official entity, but ‘a group of enthusiastic Syrian youths who could not stay passive towards the massive distortion of facts about the recent uprising in Syria’. As soon as May 27, 2011 SEA had removed text that denied it was an official entity. On the new page, the description of ‘not an official entity’ was removed, only says that it was established by a group of young Syrian enthusiasts to combat the use of the Internet, especially people that use of Facebook in Syria to ‘spread hatred’ and ‘destroy peace’.

The Syrian Electronic Army uses spam, website defacement, malware, phishing and denial of service attacks against political opposition groups, Western news agencies, human rights groups and seemingly neutral websites for Syrian conflicts. It also attacked government websites in the Middle East and Europe as well as US defense contractors. The Syrian Electronic Army is the first Arab organization to set up a public Internet army on its national network to openly launch cyber-attacks on its enemies.

Syrian Electronic Army has 2 subgroups:

1. Subgroup: Goldmouse, APT-C-27
2. Subgroup: Pat Bear, APT-C-37

Names

Name	Name-Giver
Syrian Electronic Army	self given
Syria Malware Team	self give
Deadeye Jackal	CrowdStrike
ATK 196	Thales
TAG-CT2	Recorded Future

Country

• Syria

Motivation

• Information theft and espionage

First Seen

2011

Observed Sectors

• Defense
• Government
• High-Tech
• Media
• Retail
• Telecommunications
• dissidents

Observed Countries

• Canada
• France
• UK
• USA
• Middle East

Tools

• AndoServer
• SandroRAT
• SilverHawk
• SLRat
• SpyNote RAT

Operations

• 2016 Mid: In recent years, the group has seemingly kept a low profile, but the SEA hasn’t ceased activity: it’s altered tactics and is now delivering custom Android malware to opponents of the Assad regime for the purposes of surveillance. https://www.zdnet.com/article/these-hackers-are-using-android-surveillance-malware-to-target-opponents-of-the-syrian-government/
• 2018-01: Lookout researchers have uncovered a long-running surveillance campaign tied to Syrian nation-state actors, which recently started using the novel coronavirus as its newest lure to entice its targets to download malware. https://blog.lookout.com/nation-state-mobile-malware-targets-syrians-with-covid-19-lures

Counter Operations

• 2018-05: Two Members of Syrian Electronic Army Indicted for Conspiracy https://www.justice.gov/usao-edva/pr/two-members-syrian-electronic-army-indicted-conspiracy
• 2021-08: Taking Action Against Hackers in Pakistan and Syria https://about.fb.com/news/2021/11/taking-action-against-hackers-in-pakistan-and-syria/

Information

• http://blogs.360.cn/post/SEA_role_influence_cyberattacks.html
• https://en.wikipedia.org/wiki/Syrian_Electronic_Army

Other Information

Uuid

0f16cba0-5b7f-449b-95a6-0ca000e9a63e

Last Card Change

2021-12-26