Menu
Browse

Cyber Threat Actor: Cyber Justice Team

Actor Type Location Known Incidents
 Icon
Activist
Syria
2 incidents
Profile

The Cyber Justice Team, also known by its alias, is a hacktivist group that has been linked to operations originating from Syria. The group publicly identifies itself as opposing both the Assad regime and ISIS, framing its actions as a protest against what it describes as the oppression of the Syrian people. While the exact size or internal structure of the collective remains unspecified in open sources, its self‑described purpose is political rather than financial or espionage‑driven. The actor’s location is noted as Syria, though no further geographic details about its members are provided in the referenced material.

The Cyber Justice Team’s targeting has focused on Syrian government and private sector web presences, specifically exploiting websites built on the Joomla content management system. The group’s activities have affected both .gov.sy domains and other private Syrian websites, indicating a broad scope within the country’s online infrastructure. Its stated strategic objective is to convey a political message by exposing vulnerabilities and leaking data, while deliberately omitting information related to education systems and children’s hospitals to avoid civilian harm. This selective filtering demonstrates an attempt to balance political pressure with a claimed concern for non‑combatant safety.

In terms of tactics, the group repeatedly leveraged known and outdated vulnerabilities in Joomla to gain initial access to target web portals. Once inside, it exfiltrated credentials such as server passwords, MySQL host permissions, and administrative passwords, combining newly obtained data with remnants from earlier compromises. The leaked archive included older shell files and database entries that pointed to prior injection attempts, suggesting the reuse of historical footholds. The data dump was subsequently shared publicly via Pastebin, highlighting a reliance on simple, widely available platforms for distribution. The most notable campaign attributed to the Cyber Justice Team occurred on April 6 2016, when a 43 GB leak of Syrian government and private website data was released, underscoring the group’s capability to conduct large‑scale data exfiltration through web‑application exploits.

Incidents
Attributed incidents available to members
2 incidents
Sources
Sources available to members
1 source