Cyber Threat Actor: Lov3rDns
| Actor Type | Location | Known Incidents |
Activist
|
United States of America
|
1 incident |
|---|
Profile
The threat actor known by the alias Lov3rDns is referenced in open sources as both a Yemeni hacker and, according to the provided context, as having a location noted in the United States of America. The actor has been publicly linked to the Yemen Cyber Army, a group that claimed responsibility for breaching the Saudi Ministry of Foreign Affairs server in May 2015 and leaking login credentials of Saudi officials. These associations constitute the only explicitly stated affiliations for Lov3rDns in the available material. No further details about the actor’s size, structure, or sponsorship are supplied in the sources.
Regarding targeting, Lov3rDns has directed activity against a range of sectors including political campaign infrastructure, technology and security firms, consumer beverage companies, open‑source blogging platforms, antivirus vendors, web browsers, and regional government entities. The observed victims span the United States (the Barack Obama campaign social network domain), Yemen (through political messaging referencing South Yemen), and Saudi Arabia (the claimed Ministry of Foreign Affairs breach). The actor’s stated objectives, as evidenced by the defacement message, are to deliver a political protest demanding Yemen’s sovereignty and to disrupt the normal operation of the compromised online properties. No explicit financial or espionage motives are described in the sources; the emphasized aim appears to be disruption coupled with a geopolitical message.
The actor’s tactics, techniques, and procedures described in the reporting consist primarily of website defacement, wherein an unauthorized page is uploaded to a compromised subdirectory—specifically the /page/file/ path on my.barackobama.com—to display a political statement and a flag. No particular malware families, initial access vectors, or custom tooling are mentioned in the supplied articles. Notable operations attributed to Lov3rDns include the July 2015 defacement of the Obama campaign’s social networking site, a series of earlier intrusions against entities such as AVG Security, MIT, McAfee Portal, Coca‑Cola, Joomla blogs, Kaspersky, Avast, Firefox, and MSN Portugal, and the May 2015 claim of breaching the Saudi Ministry of Foreign Affairs and leaking credential data. These incidents represent the only publicly reported campaigns detailed in the source material.
