Cyber Incident Victim: Richland County Parks Commission
Date:
Apr 2016
Location:
United States of America
Summary
A pro-ISIS hacking group compromised multiple Richland County government websites, including the Parks Commission, Sheriff’s Department, and emergency services, replacing content with terrorist propaganda and threats. The attackers defaced sites with the Islamic State’s logo and messages supporting its agenda, marking the third such breach of the county’s systems within a year, following prior intrusions targeting veterans services and law enforcement portals. The Algeria-based threat actor, Team System Dz, previously claimed attacks against academic and municipal entities internationally. While services were restored promptly, the repeated incidents highlighted persistent vulnerabilities in the affected web infrastructure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On April 15, 2016, multiple Richland County, Wisconsin government websites were compromised by the Algeria-based hacking group Team System Dz. The attackers defaced the official websites of Richland County Government, Sheriff’s Department, Ambulance Service, Veterans Services, Recycling Committee, Health and Human Services, County Fair, Land Conservation Department, Parks Commission, and Emergency Management. The defacement involved replacing legitimate website content with a page displaying the logo of the Islamic State (Daesh) terrorist organization alongside threatening messages referencing an ISIS takeover. Team System Dz publicly claimed responsibility for the attack, with evidence preserved through Zone-H mirror records. This marked the third successful defacement of Richland County systems by the same group within a twelve-month period, following prior intrusions targeting the Veterans Services and Sheriff’s Department websites with similar pro-ISIS content. Historical activity indicated the group had previously compromised systems at the University of Toronto and Isle of Wight, Virginia.
The incident disrupted public access to critical county services and emergency information portals. County administrators restored all affected websites to operational status by the time external media reported the breach on April 15. No data theft or persistent malware installation was disclosed in available reports. The repeated nature of the breaches—three successful defacements within one year—highlighted unresolved vulnerabilities in the county’s web infrastructure. Public records did not specify technical remediation steps taken after restoration, though the article explicitly questioned whether administrators would address underlying security weaknesses following this latest intrusion. The defacements exclusively involved website content replacement without further disruption to backend systems or operational continuity beyond temporary public unavailability of the targeted web pages.