Menu
Browse

Cyber Threat Actor: SaLeM

Actor Type Location Known Incidents
 Icon
Activist
United States of America
1 incident
Profile

SaLeM is an alias used by a threat actor that has been publicly linked to a website defacement incident in the United States. The actor’s location is noted as the United States of America in available reporting, though no further geographic details are provided. The only confirmed activity attributed to SaLeM occurred on August 18 2014 when the Delaware Treasury Division website was compromised and replaced with anti‑Israel and pro‑Palestinian messages related to the Gaza conflict. This act was described by officials as a symbolic gesture rather than an attempt to steal data or achieve financial gain.

The observed targeting of SaLeM appears to focus on U.S. government‑affiliated web properties, specifically a state treasury division site that was hosted through a third‑party provider. The strategic objective demonstrated in the incident was to convey a political message about the Gaza situation, indicating a motivation rooted in ideological expression rather than espionage or profit. Officials characterized the defacement as part of a broader wave of similar website alterations across the United States, suggesting a pattern of disruption aimed at public visibility.

The tactics, techniques and procedures noted in the Delaware Treasury case involve exploiting security vulnerabilities present in a third‑party web hosting service used by the agency. No malware families or custom tooling were reported; the intrusion relied on leveraging existing flaws to gain unauthorized access and replace web content. The actors restored the site within hours after detection, confirming that no data exfiltration occurred and that the operation was limited to surface‑level alteration.

The Delaware Treasury defacement remains the sole publicly documented operation associated with SaLeM, serving as a representative example of the actor’s activity. This incident highlights the actor’s reliance on web‑application weaknesses to achieve a politically motivated disruption, with no evidence of financial theft, state sponsorship, or affiliation with larger criminal groups. The available information confines the profile to these verified facts, precluding any speculation about the actor’s size, sophistication, or future intentions.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
2 sources