Cyber Incident Victim: General Entertainment Authority
Date:
Sep 2017
Location:
Saudi Arabia
Summary
The General Entertainment Authority (GEA), a Saudi entity established to develop domestic entertainment options under Vision 2030, experienced cyber attacks originating outside the kingdom targeting its website and social media accounts. The attacks aimed to disrupt the authority's operations and undermine its initiatives, prompting efforts to mitigate the impact and identify the perpetrators. This incident occurred shortly after the GEA hosted large-scale public events, including performances that marked unprecedented social changes in the conservative kingdom. The organization confirmed ongoing work to restore normal operations while investigating the source of the subversive activity.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 7 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 29, 2017, Saudi Arabia's General Entertainment Authority (GEA) publicly disclosed it had been targeted by cyber attacks originating from outside the kingdom. The attacks commenced early on September 28, 2017, focusing on the GEA's website and social media accounts. The authority stated via Twitter that it was actively working to neutralize these attacks to prevent operational disruptions to its digital platforms. While the specific techniques or vectors of the attack were not detailed, the GEA characterized the incidents as "subversive attacks" explicitly intended to harm the organization and undermine its initiatives. No data breaches, service outages, or specific malware deployments were confirmed in the public statement. The GEA indicated an investigation was underway to identify the perpetrators but did not disclose suspects, attribution theories, or forensic findings at the time of reporting.
The incident occurred during a period of heightened visibility for the GEA, which had recently organized large-scale public events as part of Saudi Arabia's 87th National Day celebrations. These events included historically significant gatherings such as a mixed-gender block party and a stadium operetta permitting women's attendance—activities that challenged traditional norms in the conservative kingdom. The cyber attacks coincided with public criticism of these social reforms, though no direct link between critics and the attackers was established. The GEA, established in 2016 under Crown Prince Mohammed bin Salman's Vision 2030 economic diversification plan, represented a strategic effort to develop domestic entertainment options and reduce Saudis' reliance on international travel for leisure. Earlier in 2017, Saudi authorities had issued alerts about Shamoon malware attacks targeting government entities like the Labor Ministry and industrial firms, though no connection between those incidents and the GEA attack was cited. The authority's response prioritized maintaining website functionality and social media presence while pursuing attribution of the attacks.