Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Syrian Electronic Army attack leads to malvertising - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Syrian Electronic Army attack leads to malvertising

A number of online services were impacted by what has been referred to by multiple sources as a redirection attack by Syrian Electronic Army (SEA) emanating from the Gigya CDN. The issue was described as follows: "Gigya explained that earlier today at 06:45 EST, it noticed “sporadic failures with access to our service”. The organization than found a breach at its domain registrar, with the hackers modifying DNS entries and pointing them away from Gigya’s CDN domain, instead redirecting to their own server, which distributed a “socialize.js” file, namely the pop-up seen by everyone." Affected sites included Verizon, The Telegraph, The Independent, Forbes, Time Out, PC World, The Evening Standard, CNBC, and others.

The resulting pop-up simply stated "You've been hacked by the Syrian Electronic Army." Sadly, attacks of this nature are commonplace, and SEA has chosen the holidays in previous years to step up its activities so be prepared with your response plan and recovery procedures.

Russ McRee

203 Posts
ISC Handler
Nov 27th 2014

We have received a couple of such pop-ups,This is only creating panic in our employees, I plan to make an announcement that we are aware of such an issue and they need not panic.

1 Posts
Everyone either update or double check that Flash either is not installed or cannot be invoked via Internet web sites.
4 Posts

Sign Up for Free or Log In to start participating in the conversation!