Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Syrian Electronic Army attack leads to malvertising

Published: 2014-11-27
Last Updated: 2014-11-27 20:33:03 UTC
by Russ McRee (Version: 1)
2 comment(s)

A number of online services were impacted by what has been referred to by multiple sources as a redirection attack by Syrian Electronic Army (SEA) emanating from the Gigya CDN. The issue was described as follows: "Gigya explained that earlier today at 06:45 EST, it noticed “sporadic failures with access to our service”. The organization than found a breach at its domain registrar, with the hackers modifying DNS entries and pointing them away from Gigya’s CDN domain, instead redirecting to their own server, which distributed a “socialize.js” file, namely the pop-up seen by everyone." Affected sites included Verizon, The Telegraph, The Independent, Forbes, Time Out, PC World, The Evening Standard, CNBC, and others.

The resulting pop-up simply stated "You've been hacked by the Syrian Electronic Army." Sadly, attacks of this nature are commonplace, and SEA has chosen the holidays in previous years to step up its activities so be prepared with your response plan and recovery procedures.

2 comment(s)
Diary Archives