Menu
Browse

Cyber Threat Actor: SkyNetCentral

Actor Type Location Known Incidents
 Icon
Activist
Egypt
1 incident
Profile

SkyNetCentral is the handle used by a hacker who has been publicly linked to a series of disruptive actions against Islamist‑aligned organizations. The actor’s location has been noted as Egypt in open‑source reporting, although no further personal details have been confirmed. The earliest documented operation attributed to SkyNetCentral occurred on June 16 2016, when the official website of the Muslim Brotherhood and the site of its affiliated Freedom and Justice Party were subjected to distributed denial‑of‑service attacks that overwhelmed their CloudFlare protections. In addition to flooding the services with traffic, the actor managed to bypass the sites’ security controls and extract portions of the Muslim Brotherhood’s database, leaking IP addresses, email exchanges, commenters’ names and associated IP addresses online. The leaked data were verified by a security news outlet as previously unpublished, indicating that the actor obtained access to at least some tables of the underlying database without reaching the most sensitive repositories. SkyNetCentral publicly framed the operation as ideological, stating in a tweet that the Muslim Brotherhood was no different from ISIS and that the attacks were motivated by opposition to extremist ideology.

The same article notes that the actor’s profile shows a pattern of targeting similar groups, including the Council on American‑Islamic Relations and other organizations perceived as Islamist‑affiliated. No evidence has been presented in public sources linking SkyNetCentral to a state sponsor, a criminal syndicate, or any broader hacking collective, leaving the actor’s affiliations undetermined. The observed behavior in the 2016 incident includes volumetric DDoS traffic and unauthorized database access, although the reporting does not name specific malware families or toolkits. Because the actor’s activity has been limited to this single disclosed campaign, there is no publicly available information about recurring tooling, persistence mechanisms, or lateral movement techniques. The operation resulted in temporary offline status for both targeted websites and the exposure of non‑sensitive personal data, which the actor claimed demonstrated the groups’ vulnerability to cyber pressure. No subsequent attacks or additional leaks have been attributed to SkyNetCentral in the sources consulted, so the profile is confined to the confirmed facts surrounding the June 2016 event.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
1 source