Cyber Incident Victim: Saudi Ministry of Foreign Affairs

On May 22, 2015, the Yemen Cyber Army (YCA) claimed responsibility for breaching the Saudi Ministry of Foreign Affairs (MOFA) website and internal networks. The group stated the attack was a direct response to Saudi Arabia's military actions in Yemen. Hackers defaced the official MOFA website (services.mofa.gov.sa) and published a mirror of the defacement on Zone-H as proof. According to their communications with HackRead, YCA asserted they obtained "full control" over more than 3,000 computers and servers within the MOFA network, compromising thousands of user accounts across Saudi diplomatic missions worldwide. The attackers exfiltrated confidential data including plain-text login credentials for 162 email accounts, embassy VSAT communications, telex messages, and mailbox samples.

The leaked data included databases containing usernames, phone numbers, and thousands of email addresses belonging to Saudi officials. YCA published three sample files demonstrating access to embassy communications and shared folder links protected with passwords that enabled further data retrieval. Hackers announced their intent to gradually release additional stolen materials, including secret emails and documents from MOFA’s automation systems. A defacement message on the hacked website accused Saudi Arabia of supporting ISIS, declaring "You are ISIS and ISIS is you." The incident revealed critical security failures, notably the storage of passwords in plain text on government systems. No official response or containment measures from Saudi authorities were documented in the source material at the time of reporting.