Cyber Incident Victim: Al Arabiya
Date: Apr 2014
Location: Saudi Arabia
Summary
A Middle Eastern media organization was compromised by hacker groups NullCrew and The Horsemen Of Lulz through an unpatched Zimbra mail server vulnerability, exposing email credentials and sensitive data. The breach endangered journalist communications and source confidentiality, as attackers extracted passwords from server configurations. This incident mirrored a prior attack on Comcast using the same exploit, highlighting systemic failures in applying security patches. The groups publicly disclosed the intrusion as part of their campaign against media corporations, criticizing the victim's negligence. Despite the severity, the organization did not initially respond to the breach or warnings, exacerbating risks to affected individuals.
Description
On April 2, 2014, hacker groups NullCrew and The Horsemen Of Lulz breached Al Arabiya’s servers by exploiting an unpatched vulnerability (CVE-2013-7091) in the media company’s Zimbra email system. The attackers publicly disclosed mail server configurations, root file details, and compromised credentials via a Pastebin post titled "NullCrew & TheHorsmenLulz vs AlArabiya," explicitly referencing their prior February 9 Comcast intrusion using the same vulnerability. Al Arabiya, the Middle East’s second-largest media organization with 500–1,000 employees and offices in 40+ cities, had failed to apply Zimbra’s December 2013 patch despite widespread awareness of the flaw. The breach exposed all mbc.net email accounts used by Al Arabiya staff, journalists, and executives, compromising internal communications and potentially exposing sources in high-risk regions. NullCrew’s intrusion method involved extracting usernames and passwords from the localconfig.xml file, mirroring their Comcast attack, where they previously accessed 34 unpatched mail servers.

The incident immediately jeopardized Al Arabiya’s operational security, as attackers gained persistent access to sensitive correspondence and could leverage compromised emails for password resets on external platforms. No containment actions by Al Arabiya were reported; ZDNet received no response to inquiries by April 3, mirroring Comcast’s initial silence during its breach. The attackers framed the hack as retaliation against media corporations neglecting cybersecurity, emphasizing Al Arabiya’s disregard for the known vulnerability. Impacts extended beyond data exposure, threatening journalist safety due to the channel’s coverage of politically sensitive topics and its rivalry with Al Jazeera, which claims 40 million daily viewers. The breach highlighted systemic risks in critical infrastructure, as both Al Arabiya and Comcast ignored patches for months despite the exploit’s public availability.
