Menu
Browse

Cyber Threat Actor: Islamic State (IS)

Aliases: 8 aliases
Actor Type Location Known Incidents
 Icon
Terrorist
Iraq
23 incidents
Profile

The Islamic State (IS), also known as ISIS, ISIL, Daesh, and Islamic State Supporters, operates as a terrorist organization with cyber activities supporting its ideological and operational objectives. Publicly reported incidents indicate targeting across government, military, education, media, and civilian sectors, primarily in the United States, United Kingdom, Middle East, and Europe. Objectives include disruption of critical services, intimidation through threats and data leaks, and facilitation of physical attacks. Operations often align with geopolitical events, such as retaliating against nations participating in coalition airstrikes.

Notable tactics include low-complexity cyber intrusions, such as SQL injection attacks to exfiltrate personal data (e.g., the 2016 Arkansas library breach), and defacement of websites like UAE’s Al Ittihad newspaper to disseminate propaganda. The group leverages encrypted platforms like Telegram for coordination, recruitment, and leaking stolen information, as seen in the 2016 exposure of New York residents' details and military base maps. Incidents include bomb threats via virtual platforms (e.g., the 2020 University of Zoom lecture threat) and DDoS attacks against gaming networks, falsely attributed to ISIS-linked "CyberCaliphate." Security researchers have infiltrated ISIS forums to preempt attacks, revealing plans targeting U.S. and Israeli military assets. The U.S. military’s 2016 cyber campaign against ISIS highlighted the group’s reliance on digital networks for command and control. Persistent themes include exploiting openly available vulnerabilities, using social media for recruitment, and blending cyber operations with physical threat campaigns to amplify psychological impact.

Incidents
Attributed incidents available to members
23 incidents
Sources
Sources available to members
5 sources