Islamic State Hacking Division | |
---|---|
![]() | |
Also known as | United Cyber Caliphate |
Foundation | 2014 |
Dates of operation | 2014-Present |
Allegiance | ![]() |
Status | Active |
The Islamic State Hacking Division (ISHD) or The United Cyber Caliphate (UCC) is a merger of several hacker groups self-identifying as the digital army for the Islamic State of Iraq and Levant (ISIS/ISIL). The unified organization comprises at least four distinct groups, including the Ghost Caliphate Section, Sons Caliphate Army (SCA), Caliphate Cyber Army (CCA), and the Kalashnikov E-Security Team. Other groups potentially involved with the United Cyber Caliphate are the Pro-ISIS Media group Rabitat Al-Ansar (League of Supporters) and the Islamic Cyber Army (ICA).[1] Evidence does not support the direct involvement of the Islamic State leadership. It suggests external and independent coordination of Pro-ISIS cyber campaigns under the United Cyber Caliphate (UCC) name.[2] Investigations also display alleged links to Russian Intelligence group, APT28, using the name as a guise to wage war against western nations.[3][4]
The group's actions have included online recruiting, website defacement, social media hacks, denial-of-service attacks, and doxing with 'kill lists.'[5][6][7] The group is classified as low-threat and inexperienced because their history of attacks requires a low level of sophistication and rely on publicly available hacking tools.[8][9]
Experts raised doubts about the source and nature of data from released 'kill lists' containing personal information about U.S. Military personnel claimed stolen from hacked U.S. government servers. There is no evidence that the United Cyber Caliphate (UCC) compromised U.S. systems. The data included public, unclassified, and often outdated information about civilians, non-U.S. citizens, and others built from old data breaches or web scraped data.[10][11]
U.S., French, and German intelligence Investigated attacks following the French Television Channel TV5Monde hack and The U.S. CENTCOM Twitter attack. All three countries linked actions by the United Cyber Caliphate (UCC) to APT 28 (aka Fancy Bear), a Russian intelligence group.[3][4]
The group first emerged in hacking operations against U.S. websites in January 2015 as the Cyber Caliphate Army (CCA).[1] In March 2015, the Islamic State published a "kill list" on a website that included names, ranks, and addresses of 100 U.S. military members.[12]
A pattern of similar attacks emerged after the media coverage. At least 19 individual 'kill lists,' including personal information of American, Canadian, and European citizens released between March 2015 and June 2016.[13] On April 4, 2016, all four groups united as the United Cyber Caliphate (UCC).[14]
In June 2016, the Middle East Media Research Institute found and revealed to the media an alleged list of approximately 8,300 people around the world as potential lone-wolf attack targets.[15]