Menu
Browse

Cyber Threat Actor: GeNiuS-JorDan

Actor Type Location Known Incidents
 Icon
Activist
Jordan
1 incident
Profile

GeNiuS‑JorDan is the online handle used by a hacker who has been publicly identified as Jordanian. The actor first came to attention in early 2016 when a series of website defacements were attributed to this alias, and the individual has referenced past intrusions against Kuwaiti, Iraqi and Nepalese government systems. No additional aliases or affiliations have been disclosed in the open sources examined.

The actor’s observed targets are primarily governmental web presences, specifically ministries of foreign affairs and the overseas high commissions or embassies that represent those ministries. In the Uganda incident the defacement spread to twenty‑two diplomatic missions located across Europe, Asia, Africa and the Americas, including sites in Australia, Belgium, China, Canada, Denmark, Ethiopia, France, Germany, Italy, India, Japan, Kenya, Nigeria, Rwanda, Russia, Saudi Arabia, Switzerland, Tanzania, the United Kingdom and the United States. The stated purpose of these actions is to disseminate political messages opposing US military involvement in Iraq, Afghanistan and Palestine, indicating a strategic objective rooted in activism rather than financial gain or espionage. The defacements replaced legitimate content with anti‑war statements and embedded a YouTube video featuring activist Dr. Dahlia Wasfi’s commentary.

Technically, the actor employs a mass defacement script that can be deployed after gaining initial access to a central government site, which then serves as a gateway to compromise affiliated servers. The exact vulnerability or exploit used to obtain that initial foothold has not been disclosed, and no specific malware families, exploit kits or custom tools are mentioned in the reporting. The tooling style is limited to creating a defacement page and inserting external media, reflecting a straightforward web‑site alteration approach rather than sophisticated persistence or data‑exfiltration capabilities. Public attribution does not link GeNiuS‑JorDan to any state sponsor, criminal consortium or hacker collective; the actor is described solely as an individual hacker from Jordan. Notable operations include the 2016 Uganda Ministry of Foreign Affairs and high‑commission defacement campaign, as well as earlier breaches of the Kuwaiti Central Agency for Information Technology, Iraqi customs services, Nepalese passport control systems and parliamentary websites, all of which were used to post similar political statements. These incidents collectively illustrate a pattern of targeting high‑profile government online assets to broadcast activist viewpoints through website defacement.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
1 source