Cyber Incident Victim: Armed Forces Training Authority
Date:
Mar 2014
Location:
Egypt
Summary
A hacker using the alias "YMH" compromised and defaced the official website of the Egyptian Armed Forces Training Authority, replacing its content with a message advocating for political disengagement and humorously referencing tea culture. The attacker had previously targeted two other Egyptian government-affiliated websites—the Tourist Development Authority and Military Technical College—with similar defacements. While the latter two sites were restored following the incidents, the Armed Forces Training Authority's platform remained offline at the time of reporting. The defacement did not express overt support or opposition to any political faction but instead promoted a neutral stance, urging visitors to disregard political tensions. This incident marked a continuation of disruptive cyber activities against Egyptian institutional targets by the same threat actor.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On March 31, 2014, the official website of the Egyptian Armed Forces Training Authority was compromised and defaced by an individual using the alias "YMH." The attacker replaced the site's content with a defacement page containing a message written in Arabic. A translation of the message indicated the hacker's commentary on political confusion in Egypt, stating: "We don’t know with whom to fight, el sisi or the Muslim Brotherhood, leave all the politics behind and enjoy yourselves a little with the tea of Om Hasan (symbol of the reversed revolution)." This statement adopted a neutral stance toward both government and opposition factions, instead advocating for disengagement from political conflict. The defacement represented the third known attack by YMH within an eight-day period, following similar compromises of the Tourist Development Authority of Egypt and Military Technical College websites on March 23, 2014. All three incidents featured comparable defacement methods and messaging themes.
The immediate operational impact included the prolonged downtime of the Armed Forces Training Authority website, which remained inaccessible at the time of media reporting. In contrast, the previously attacked Tourist Development Authority and Military Technical College sites had been restored to normal operation prior to publication of the incident report. No technical details regarding intrusion methods, data compromise, or restoration procedures were disclosed in available sources. The attacks demonstrated recurring vulnerabilities across multiple Egyptian government-affiliated web properties, though the defacements appeared limited to surface-level disruptions rather than destructive payloads or data exfiltration claims. YMH's pattern of activity highlighted continued targeting of Egyptian institutional online assets during a period of political transition, though the attacker's motivations remained ambiguous based solely on the translated messages and observed actions.