Cyber Threat Actor: CoMoDo Islamic Hackers
| Actor Type | Location | Known Incidents |
Activist
|
United States of America
|
1 incident |
|---|
Profile
The threat actor known as CoMoDo, also referred to as CoMoDo Islamic Hackers, appears in open‑source reporting under those exact aliases. The group’s name is explicitly noted to be unrelated to the US‑based provider of software and SSL digital certificates that shares a similar spelling. Open‑source accounts place the actor’s location within the United States of America, although no city or further geographic detail is supplied. The actor first entered public view on August 7 2014 when it compromised the US website of Plextor, a manufacturer of computer storage hardware. This initial activity marks the only documented appearance of the group in the sources provided.
During the intrusion the attackers replaced every page of the Plextor Americas site with a uniform display of anti‑US and anti‑Israel statements, Islamic propaganda, a block of Turkish language text and an embedded YouTube video. The English proclamation declared a self‑styled cyber war against nations that the group claimed did not respect Islam, while the Turkish passage, when translated, referenced persecution and cruelty in a virtual world. The defacement blocked access to the original firmware downloads, news articles and support resources, rendering the site unusable for visitors until Plextor regained control on August 8 2014. No mention is made of malware families, exploit kits, or specific initial access vectors; the operation is described solely as a website defacement that relied on content replacement rather than code execution.
Beyond the Plextor incident the actor’s online footprint appears minimal, with a Facebook page showing only a few accepted friend requests and occasional profile picture updates, indicating limited public engagement. Public sources do not link CoMoDo Islamic Hackers to any state sponsor, criminal consortium or larger hacking collective, and no financial or espionage motives are articulated in the reporting. Consequently, the only verifiable characteristic of the group is its use of website defacement to disseminate an ideological message, making the Plextor attack the sole representative campaign in the available threat intelligence.
