Cyber Incident Victim: Smart Link BPO Solutions
Date: Nov 2022
Location: Saudi Arabia
Summary
The 'Justice Blade' hacking group compromised Smart Link BPO Solutions, an IT outsourcing provider serving Saudi Arabian enterprises and government entities, exfiltrating sensitive data including CRM records, personal information, email communications, contracts, and account credentials. Attackers leveraged a compromised employee account to conduct network intrusions affecting Active Directory and internal applications, deploying Metasploit Framework post-compromise and defacing the corporate website. Leaked materials included over 100,000 records linked to regional entities FlyNas and SAMACares, alongside screenshots of RDP sessions and Office 365 communications. The group established a Telegram channel for data dissemination, displaying ideological motives by targeting government officials without financial demands. Previously exposed credentials from the victim were identified in dark web markets, amplifying supply chain risks for interconnected organizations.
Description
The cyber incident involving Smart Link BPO Solutions, a Saudi Arabian IT outsourcing vendor and business unit of Al Khaleej Training and Education Group, began with suspicious activity on October 30, 2022, when the company reportedly detected the Metasploit Framework deployed within its network. This activity escalated on November 2, 2022, when attackers defaced Smart Link’s corporate website, marking the initial public phase of the intrusion. The threat actor group "Justice Blade" subsequently claimed responsibility for the attack, leaking stolen data including CRM records, personal information, email communications, contracts, account credentials, and screenshots of active RDP sessions and Office 365 communications involving regional companies. Evidence suggested the intrusion originated from a compromised employee account, which facilitated unauthorized access to Active Directory and internal applications.

Justice Blade established a Telegram channel to disseminate the stolen data, which included over 100,000 records linked to FlyNas airlines and SAMACares, a Saudi Central Bank initiative. The attackers published photos of Saudi government officials on their leak site, indicating ideological motivations rather than financial gain, as no ransom demands were observed. Resecurity analysts confirmed that some compromised Smart Link credentials had previously circulated on dark web marketplaces, potentially enabling the breach. The incident represented a significant supply chain risk due to Smart Link’s contracts with government agencies and enterprises in Saudi Arabia and GCC countries. While geopolitical tensions between Iran and Saudi Arabia were noted in contemporaneous reporting, no direct connection to the attack was substantiated. The parent company, Al Khaleej Group—listed among Forbes Middle East’s top 100 GCC companies in 2012—did not publicly disclose containment measures or system recovery details following the breach.
