Cyber Threat Actor: Team System Dz
| Actor Type | Location | Known Incidents |
Activist
|
Algeria
|
34 incidents |
|---|
Profile
Team System DZ, also seen as Team System Dz or Team System DZ, is an Algeria‑based hacking collective that has publicly aligned itself with the Islamic State. The group uses the alias Team System DZ when claiming responsibility for website defacements and related disruptions. Open‑source reporting consistently describes the actors as originating from Algeria and motivated by pro‑ISIS ideology. No public evidence links the group to a state sponsor or a larger criminal consortium.
The collective primarily targets public‑facing websites of institutions in North America and Europe, including police services, school districts, municipal governments, universities and occasional private entities such as a food‑truck site. Their actions are aimed at spreading propaganda rather than seeking financial gain, as they replace normal content with ISIS symbols, slogans and audio messages that support the terrorist organization. By defacing these sites they seek to disrupt normal online operations and draw attention to their ideological message. The attacks are typically limited to the web‑front end, with no indication that underlying databases or internal networks are compromised.
Observed tactics involve uploading a defacement page that displays the ISIS logo, Arabic religious text and statements such as 'I love Islamic State' or images of Saddam Hussein. In some incidents the actors inject a small file into the root of a compromised web host, which redirects visitors to an iFramed YouTube page carrying an Arabic audio track and unknown writing. They have exploited weaknesses in third‑party hosting services—for example, the SchoolDesk platform—to propagate the redirect across hundreds of sites simultaneously. The overall style is low‑technical, relying on web‑shell or file‑upload techniques rather than sophisticated malware families.
Representative operations include the November 2023 defacement of the Prince Albert Police Service website in Saskatchewan, which displayed a pro‑ISIS slogan and temporarily took the site offline. In November 2017 the group claimed responsibility for compromising the SchoolDesk hosting environment, affecting roughly eight hundred U.S. school and district websites with a redirect to a YouTube‑based propaganda page. A series of repeated defacements against Richland County, Wisconsin government portals in 2015‑2016 demonstrated their ability to return to the same victim multiple times within a year, while earlier actions against the University of Toronto mobile site and the Isle of Wight, Virginia website in 2015 showed a broader geographic reach. These incidents collectively illustrate the group's pattern of ideologically motivated website disruption.
