Cyber Incident Victim: Islamic State
Date:
Nov 2017
Location:
Iraq
Summary
Iraqi hackers known as Daeshgram infiltrated ISIS communication networks by creating counterfeit propaganda sites mimicking the group's official Amaq news platform, embedding pornographic content and mocking messages to undermine its credibility. This operation caused confusion and distrust among the extremist group's supporters, triggering internal disputes where members accused each other of sharing fraudulent links and expelled individuals from communication channels. The hackers also disrupted Amaq's operations by overwhelming its servers with traffic, temporarily forcing the site offline while amplifying paranoia about compromised networks.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In late 2017, Iraqi hacker collective Daeshgram executed a disruptive campaign against ISIS communication networks, specifically targeting the group's propaganda distribution channels. The hackers infiltrated ISIS-affiliated platforms on the encrypted Telegram app, where supporters typically recruited members and disseminated extremist content. Their primary objective was to undermine the credibility of Amaq—ISIS's official news front—by flooding communication channels with counterfeit propaganda materials. After months of studying ISIS digital infrastructure, Daeshgram created replica Amaq websites and social media accounts that mirrored the group's authentic branding and formatting. These forged platforms distributed content that mocked ISIS ideology while appearing superficially legitimate to supporters. The hackers deliberately inserted pornographic material into ISIS communications, including altering an official announcement video about a new Syrian media center to show militants watching explicit content instead of organizational updates.
The operation caused significant disruption within ISIS networks starting November 2017. ISIS leadership responded by instructing supporters to distrust all Amaq links, triggering internal conflicts where members accused each other of sharing fraudulent content and purged contacts from communication groups. Daeshgram amplified the disinformation campaign by strategically timing their fake content releases to coincide with legitimate ISIS announcements, creating confusion about which materials were authentic. The hackers further disrupted operations by directing coordinated traffic floods against Amaq infrastructure, temporarily taking websites offline through denial-of-service attacks. Paradoxically, ISIS supporters increasingly clicked on flagged fake links out of curiosity about their fraudulent nature, inadvertently spreading Daeshgram's content more widely. The hackers publicly documented their activities through a Twitter account, demonstrating persistent access to ISIS networks while reinforcing psychological operations designed to foster paranoia about infiltration among militants.