“Justice Blade” Hackers are Targeting Saudi Arabia

“Justice Blade” Hackers are Targeting Saudi Arabia

A group of cyber hackers are targeting Saudi Arabia, according to publicised leaked data from Smart Link BPO Solutions.

The group, calling themselves “Justice Blade” claim to have stolen a significant volume of data, including CRM records, personal information, email communications, contracts and account credentials. 

The group has also set up a Telegram account with a private communications channel. On the screenshots and video leaked by the attackers, the group are thought to have shown their attacks as a result of targeted network intrusion affecting Active Directory and internal applications and services. 

The hackers  also released screenshots of active RDP sessions and Office 365 communications between various companies from within the region, and several lists of users presumably related to FlyNas (airlines company) and SAMACares (initiative managed by Saudi Arabia Central Bank) containing over 100,000 records.  

According to Resecurity, Inc. (USA), protecting major Fortune 500 companies, the data breach may become one of the first meaningful supply chain cybersecurity incidents in the region due to an overlap with an enterprise and the government sector. The stolen data may be used by threat actors to target other companies and individuals of interest.

Resecurity experts mentioned that multiple leaked credentials belonging to Smart Link BPO Solutions have been previous identified in the Dark Web and various underground marketplaces in the TOR network, which could be leveraged by the “Justice Blade” to conduct successful cyber-attacks.

Based on the currently available data, the announcement of the attack has been initiated with the defacement of a corporate WEB-site around November 2, and progressed as a “hack-and-leak” operation. Prior to that, on the 30th of October, the activity of Metasploit Framework was thought to be detected by the victim company, which was deployed by the group for post-compromise. According to leaked communications between company staff, a compromised account belonging to an employee was likely used to conduct the attack.  

Notably, there is no evidence the attack could be financially-motivated, as no ransom demands have been registered as of yet. “Justice Blade” seems to be an ideologically motivated group targeting Saudi Arabia, with published photos of government officials on their WEB-site for data leak publication.  

It is not yet clear if the incident may be related to the growing tensions between Iran and Saudi Arabia. As reported by the Associated Press (AP), just recently Saudi Arabia reportedly shared intelligence with American officials that suggests Iran could be preparing for an imminent attack on the Kingdom. 

According to multiple sources, law enforcement and federal regulators are investigating the incident to determine the full scope of compromise and the end impact endured.



Register for Intersec, 17-19 January 2023 here