Cyber Incident Victim: U.S. Federal Depository Library Program
Date:
Jan 2020
Location:
United States of America
Summary
Hackers defaced the homepage of the U.S. Federal Depository Library Program with a pro-Iranian message and an image depicting violence against then-President Trump, accompanied by a claim of responsibility from the "Iran Cyber Security Group Hackers." The website was rendered inaccessible shortly after the defacement. Cybersecurity experts could not verify the existence of the hacking group or confirm any affiliation with the Iranian government, with U.S. officials suggesting the perpetrators were likely Iranian sympathizers rather than state-sponsored actors. A senior official characterized the incident as a low-impact event affecting a small agency, emphasizing its symbolic rather than destructive nature. The defacement occurred amid heightened tensions following the U.S. killing of a top Iranian general, though authorities stated there was no confirmation of Iranian state involvement and no credible imminent cyber threat at the time.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 4, 2020, the official website of the U.S. Federal Depository Library Program (FDLP) was compromised by hackers who replaced its homepage with pro-Iranian content. The defacement featured an image of a bloodied former President Donald Trump being punched in the face alongside text stating: "Hacked by Iran Cyber Security Group Hackers. This is only small part of Iran's cyber ability! We're always ready." The website became inaccessible shortly after the defacement appeared publicly. Initial analysis indicated the intrusion was limited to the homepage, with no evidence suggesting deeper penetration into FDLP systems or exfiltration of sensitive data. The FDLP, established to provide free public access to U.S. government publications including legislative and judicial materials, maintained its primary informational function through alternative channels during the outage. Cybersecurity experts noted the unknown provenance of the claiming group "Iran Cyber Security Group Hackers," with no prior recognition of this entity within threat intelligence communities.
The Cybersecurity and Infrastructure Security Agency (CISA) confirmed the incident, stating there was no confirmation of Iranian state-sponsored involvement despite the messaging. Federal responders took the FDLP website offline immediately to contain the incident. A senior U.S. cybersecurity official characterized the event as insignificant due to the small scale of affected systems and the non-destructive nature of website defacement versus data compromise. The official suggested the perpetrators were likely Iranian sympathizers rather than state actors, though this assessment wasn't formally attributed to technical evidence. This incident occurred two days after the U.S. military strike that killed Iranian General Qassem Soleimani, amid heightened alerts for potential Iranian retaliation. The Department of Homeland Security had issued a bulletin on January 4 acknowledging Iran's cyber capabilities while stating there were "no credible threats" to U.S. infrastructure at that time. No further disruptive activity against FDLP systems was reported following the website restoration.