Anonymous (OpIcarus)

After months of no action and continued internal arguments, it appears that the first actions of OpIcarus have finally taken place. Members of Anonymous began discussing the operation, which focuses on attacking financial institutions, several months ago but were unable to reach a consensus on what should be done this time around. After several months of arguments in IRC channels, the group seemed to have abandoned the idea. This week, though, the first attacks appear to have been launched. A member of Anonymous who calls himself MinionGhost attacked one bank in the Middle East. In the attack, he took the website for Arab Bank Syria offline and dumped portions of its database. He is also believed likely to have been behind the compromise of administrator credentials for Gulf Bank, which were posted to Zerobin. This is similar to the way the previous phase of OpIcarus began. In the previous phase, MinionGhost dumped databases for several banks outside of the United States, and in the following weeks other members of Anonymous defaced and DDoS'ed fewer than a dozen other banks throughout the Middle East and Asia. If this phase follows the same pattern as the last, it is likely that we will begin to see DDoS attacks and web defacements against other banks, primarily those outside of the United States. It is possible that banks within the United States may become targets; however, foreign banks are the more likely target for OpIcarus at this time.