Cyber Threat Actor: Cyber Islamic State
| Actor Type | Location | Known Incidents |
Activist
|
Georgia
|
1 incident |
|---|
Profile
The threat actor knownas Cyber Islamic State has been identified by the alias Cyber Islamic State and is associated with the country of Georgia. The actor emerged in mid‑2015 carrying out website defacements that promoted ISIS ideology. Open sources refer to the group solely by this alias, with no alternative names reported.
The actor’s targeting has focused on government and research institutions linked to Western alliances. Observed victims include a Georgian ministry handling Euro‑Atlantic integration, a U.S. Department of Energy national laboratory, and several Italian government research and engineering sites. The activity appears aimed at disrupting online presence and broadcasting a propagandistic message rather than seeking financial gain or conducting espionage. No public reporting indicates that the actor pursued profit‑motivated theft or state‑directed intelligence collection.
The group’s tactics consist of compromising web servers to replace legitimate content with a defacement page. The defacement page displays the ISIS logo, a short ideological statement, and an Arabic prayer background. No mention of malware families, exploit kits, or specific initial‑access vectors appears in the available reporting. Thus the observable technique is limited to web‑site defacement as the primary method of intrusion.
Attribution to a state sponsor or criminal consortium has not been established in the sources provided. While some contemporaneous attacks on French media were later speculated to involve Russian APT28, those incidents are attributed to a different pro‑ISIS handle (Cyber Caliphate) and not to Cyber Islamic State. Consequently, any claim of state nexus or organized‑crime affiliation for this actor remains unsupported by public evidence.
Representative operations include the July 2015 defacement of Georgia’s State Ministry for Euro‑Atlantic Integration, which displayed the group’s logo and message. Shortly thereafter the same actors compromised a subdomain of Argonne National Laboratory’s Computing Resource Center, replacing its content with an ISIS‑themed defacement. Additional defacements targeted Italian government sites such as the AIRO 2015 workshop platform and the National Research Council’s Engineering Department, ICT and Technology for Energy and Transport pages. These incidents collectively illustrate a pattern of hitting NATO‑related, energy‑research, and European‑government web properties to spread ideological messaging.
