Cyber Incident Victim: Connecticut
Date:
Jul 2014
Location:
United States of America
Summary
Hackers affiliated with Anonghost compromised multiple Connecticut state government websites, including the Governor's portal, Department of Energy and Environmental Protection, Education Network, and Veterans Affairs sites, defacing them with anti-Israel messages and imagery promoting #OpSaveGaza. The attackers displayed a banner featuring a child labeled "Save Gaza" and called for public opposition to Israel, mirroring previous operations where Anonghost and associated groups breached high-profile targets to leak data in support of the same geopolitical cause.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On July 31, 2014, multiple Connecticut state government websites were compromised by hackers affiliated with the #OpSaveGaza campaign. The group Anonghost executed defacement attacks against at least eight state-operated domains, replacing legitimate content with a political message opposing Israeli actions in Gaza. The defacement pages displayed a consistent visual template featuring a banner with the hackers' branding alongside an image of a young boy under the heading "Sava gaza." Text on the pages urged visitors to join opposition efforts against Israel. Affected entities included the Connecticut Department of Energy and Environmental Protection, Connecticut Education Network, Lieutenant Governor Nancy Wyman's official site, the Smart Customer government portal, state recovery department pages, the Office of Secretary of the State Denise W. Merrill, and the Department of Veterans Affairs (CT DVA) website. The coordinated targeting indicated systematic reconnaissance of state digital infrastructure, though the specific intrusion vectors remained unspecified in available reporting. No data exfiltration or secondary attacks beyond defacement were documented in the incident disclosure.
This incident represented part of Anonghost's ongoing operational pattern, as the group had previously compromised other high-profile targets during the same #OpSaveGaza campaign. The Connecticut breach coincided with broader hacktivist activities by multiple groups including Anonymous, which conducted parallel attacks against government websites and data leaks supporting the Palestinian cause. While technical remediation details weren't disclosed, the scope impacted citizen access to environmental, educational, veteran services, and electoral administration portals during the compromise period. The defacements remained publicly visible until takedown procedures were implemented, though restoration timelines weren't quantified. Historical context indicated Anonghost specialized in politically motivated web defacements rather than data destruction or ransomware deployment, with this incident following their established modus operandi of targeting government digital assets during geopolitical conflicts.