Threat Watch

U.S. Charged Two Hackers in Website Defacements After Soleimani Killing

Following the killing of the Iranian military general Qasem Soleimani by United States forces earlier this year, at least 51 websites were compromised and defaced. The content added to the defaced websites included statements such as “Down with America.” The attacks began on January 3rd, 2020, after officials announced the death of the general. The two hackers are identified as Behzad Mohammadzadeh (moniker: Mrb3hz4d) from Iran and Marwan Abusrour (moniker: Mrwn007) from Palestine. Though the indictment stated that 51 websites were defaced, primarily by Mohammadzadeh, a website the hackers themselves use to index their attacks lists over 1,100 websites that were targeted by the Iranian hacker. Abusrour was charged in a minor role, reportedly providing Mohammadzadeh with access to seven websites that were all defaced as part of the campaign.

ANALYST NOTES

Both of the attackers are still at large but face up to ten years in prison and fines of up to $250,000 if convicted in the US. Website defacements are on the lower end of the spectrum of harm for cybercrime. Typically, defacement attacks are carried out by those who are protesting an event. Many times, the websites are restored to normal quickly with little to no downtime. In many cases, these attackers leverage known vulnerabilities within a website to gain access, so it is critical to make sure all systems are patched and up to date. Access can also be achieved by using compromised credentials. This could happen through re-used passwords that have already been leaked, or through passwords stolen in spear-phishing campaigns. Making sure individuals in your company only have access to the systems they need will make it harder for an attacker to target the correct individual.

More can be read here: https://www.zdnet.com/article/us-charges-two-hackers-for-defacing-us-websites-following-soleimani-killing/