New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


Campaign Against Saudi Arabia Escalating

Discussions among hacktivists about the events surrounding Jamal Khashoggi’s death have continued this week and have begun to escalate.  While most were calling for actions against Saudi government entities in response to Khashoggi’s death, many are now seeing his death as just another in a long line of injustices perpetrated by the Saudi government and royal family.  Many online are now pushing for a full cyber-assault on the Saudi government and royal family in what looks to be a resurgence of the OpSaudi campaign which sought to target the Kingdom of Saudi Arabia several years ago for a long line of injustices.  Currently, a target list is being circulated online which includes more than 20 targets throughout the Kingdom at every level of government, as well as media targets such as Al-Jazeera.  Training material is being sent out to all who want it, instructing them on the use of various proxy services as well as directions for the use of the Tor network and where to obtain stressor tools and how to use them.  So far, the training materials have been distributed in both English and Arabic, though some have offered to translate it into different languages upon request.  Many times, when training materials like these are shared online, they are typically older and have out of date links and toolsets on them. However, in this case the materials appear to have been put together quite recently with up-to-date tools and download links included.  The Saudi Foreign Minister announced earlier this week that they would be trying suspects in the death of Jamal Khashoggi, though this has done little to appease online activists and hacktivists who see this as nothing but an empty gesture and doubt that those who stand trial will have actually played a significant role in Khashoggi’s death, or will be given no real punishment.

Analyst Notes

Over the coming days and weeks, it is possible that we will see a continued escalation in attacks as well as a continued expansion of the targets of the attacks. It is possible that more organizations, including private businesses, who work with the Saudi Arabian government could fall into the crosshairs of the hacktivists currently targeting Saudi Arabia.