CitizenLab, a research group at the University of Toronto’s Munk School of Global Affairs, has published a reported on a cyber espionage campaign targeting activists working in Syria. The group suspects that the campaign is the work of Islamic State militants.
The attacks have been targeting Raqqah is Being Slaughtered Silently, a group that works to document human rights abuses in the Syrian city of Ar Raqqah. A city that is currently being held by the Islamic State, who have had a record of not taking kindly to activists in their regions.
The malware used in the campaign is unusual in that it does not attempt to allow access to the infected system, and instead periodically sends out information about the victims location; which includes an IP address. While this may not appear to be particularly damaging, it could potentially reveal the identity and location of the activists working in Raqqah; a situation which would place their lives in danger. Activists working in the city have taken precautions to keep their identities and location secret for security reasons.
CitizenLab admits that the evidence linking the Islamic State to the cyber espionage campaign is mostly circumstantial, although it does not bear resemblance to any other cyber attack; especially those conducted by Syrian actors. It is, however, extremely narrow in targeting certain victims which is why the research group arrived at the conclusion that it is the work of the tech savvy Islamic State militants.
Islamic State militants have made many headlines by publicly executing activists and posting the results on social media, which is why this campaign is such a concern to researchers.
[Source: Ars Technica]