Menu
Browse

Cyber Threat Actor: Attackers from three countries including Saudi Arabia

Actor Type Location Known Incidents
 Icon
Nation State
Saudi Arabia
0 incidents
Profile

The threat actor is publicly referenced as a group of attackers originating from three Arab countries, with leadership traced to Saudi Arabia. Iran’s cyber police have used the alias “Attackers from three countries including Saudi Arabia” when describing the perpetrators. The actors are located in Saudi Arabia according to the Iranian authorities’ assessment. Iran’s cyber police chief stated that the hackers were led by individuals based in Saudi Arabia. This attribution was communicated to Saudi Arabia through an Interpol channel.

The actors targeted the Statistical Centre of Iran, a government website, rendering it temporarily out of service on 24 May 2016. The attack affected a public sector entity within Iran, indicating a regional focus on Iranian governmental infrastructure. Iranian officials described the operation as primarily disruptive, noting that no sensitive or classified information was exfiltrated. They characterized the incident as a show‑off intended to materialize Saudi threats rather than an espionage or financially motivated effort. Consequently, the strategic objective evident from the report is disruption of online services.

Technical details disclosed in the report are limited to the tracing of IP addresses to three Arab countries, with the lead source identified in Saudi Arabia. No specific malware families, initial access vectors, or tooling styles are mentioned in the source material. Iran’s Civil Defence Organization head affirmed that the attack remained on the first layer and did not cause heavy damage, reinforcing the disruption narrative. The only publicly reported operation attributed to this actor is the May 2016 breach of Iran’s Statistical Centre. Iran has indicated it will conduct specialised war games to improve its cyber defence in response to the incident.

Incidents
Attributed incidents available to members
0 incidents
Sources
Sources available to members
1 source