Cyber Incident Victim: Sierra Leone Commercial Bank

Date:

Jan 2020

Location:

United States of America

Summary

A Sierra Leone Commercial Bank website was defaced by Iranian hackers identifying as "Shield Iran," who replaced its homepage with an image of Qasem Soleimani and a message pledging continued support for various regional groups they described as oppressed, including those in Palestine, Yemen, Syria, Iraq, Bahrain, and Lebanon. The attack occurred alongside a similar defacement targeting a U.S. government website, with both incidents attributed to Iranian actors following Soleimani's killing; the bank's site was rendered offline as a result of the compromise. The hackers' statement emphasized ideological motivations aligned with Iranian interests, though operational specifics of the breach were not disclosed.

CIA Posture: Available to members
Motives: 2 motives
Tactics, Techniques & Procedures: 1 technique
Threat Actors: 2 actors
Type: Available to members
Location: Available to members

Description

On January 4, 2020, the website of Sierra Leone Commercial Bank (slcb.com) was defaced by a group identifying itself as "Shield Iran," an Iranian hacker collective. The attackers replaced the bank’s homepage with an image of Qasem Soleimani, the Iranian major general killed in a U.S. drone strike in Baghdad on January 3, 2020. A political message accompanied the image, declaring ongoing support for "oppressed people" in Palestine, Yemen, Syria, Iraq, Bahrain, Lebanon, and for "mujahideen resistance" groups. The defacement occurred on the same day as a separate attack by another Iranian group, "Iran Cyber Security Group Hackers," which targeted the U.S. Federal Depository Library Program (FDLP) website with similar anti-U.S. messaging. Both incidents were publicly linked to Iranian actors retaliating against the U.S. for Soleimani’s killing. The SLCB website remained offline at the time of reporting on January 6, 2020, though no additional compromises of bank systems or customer data were disclosed in available sources.

The defacement disrupted public access to SLCB’s online services, though the operational impact on banking functions was not detailed in reporting. The U.S. Department of Homeland Security acknowledged the FDLP breach but did not reference the SLCB incident. Cybersecurity analysts cited in the coverage characterized Iranian hacker groups as sophisticated actors employing social engineering tactics akin to the Syrian Electronic Army and capable of deploying advanced malware like Stuxnet. No specific containment or remediation steps taken by SLCB were described beyond the website’s temporary unavailability. The incident highlighted the rapid spillover of geopolitical tensions into cyber operations, with non-state-aligned financial infrastructure becoming collateral targets. Both attacks exemplified hacktivist-style website defacements rather than financially motivated breaches, emphasizing symbolic disruption over data theft or financial gain.
