Cyber Incident Victim: Richland County Ambulance Service
Date:
Mar 2015
Location:
United States of America
Summary
A pro-ISIS hacking group known as Team System DZ, originating from Morocco, compromised multiple Richland County government websites including the Sheriff's Department and Ambulance Service. The attackers defaced the sites with messages expressing support for ISIS, anti-US and anti-Israel sentiments, and declarations promoting jihad. Other affected entities included local municipal services, recreational facilities, and environmental departments. The incident mirrored previous cyberattacks by pro-ISIS actors targeting US government infrastructure, though all compromised sites were subsequently restored following the breach.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On March 21, 2015, pro-ISIS hackers operating under the name Team System DZ, identified as Moroccan-based actors, compromised multiple websites belonging to Richland County, Wisconsin. The attackers defaced the Richland County Sheriff’s Department website along with six other county-operated domains: the City of Richland Center Municipality, Parks Commission, Ambulance Service, Richland County Fair & Recycling, Land Conservation Department, and Richland County Fitness Center. A uniform defacement page replaced the normal content of all targeted sites, displaying the message "Hacked by Team System Dz! I am a Muslim & I love jihad, I love ISIS | Fuck Israel & USA." The hackers explicitly declared support for ISIS and hostility toward the United States and Israel through this message. Zone-h, a platform documenting website breaches, archived mirrors of the defaced pages as evidence. No data theft, malware deployment, or operational disruption beyond the defacements was reported in available sources. The incident occurred without prior public warnings or claims of responsibility from the attackers.
This attack aligned with a series of pro-ISIS cyber operations targeting U.S. entities in early 2015, including the January breach of Isle of Wight, Virginia’s website, the February compromise of Newsweek’s Twitter account, and a separate leak of U.S. military personnel data days before the Richland County incident. Team System DZ’s defacements exclusively affected public-facing websites, with no indication of deeper network infiltration or secondary attacks. County authorities restored all compromised sites to normal operation before the publication of the reporting article on March 21, though the timeline between breach detection and restoration remains unspecified. The incident underscored the focus of pro-ISIS groups on symbolic digital vandalism against local government assets during this period, leveraging high-visibility defacements to amplify propaganda objectives.