Cyber Incident Victim: Macon County Circuit Clerk
Date:
Aug 2019
Location:
United States of America
Summary
The Macon County Circuit Clerk's official website was compromised by hackers identifying as Iranian group "Mamad Warning," who defaced the site with a Guy Fawkes mask image and a threatening message claiming access to personal information. Visitors clicking the image were redirected to the attackers' Instagram profile, though officials confirmed no resident data was breached as sensitive information resided on isolated systems protected by firewalls. The county's IT department swiftly restored the webpage, with personnel emphasizing their defensive training while referencing specialized intelligence units for offensive countermeasures. This incident followed similar breaches targeting other local government websites by Iranian-linked actors during the same period.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On August 18, 2019, the official website of Macon County Circuit Clerk in Illinois was compromised by attackers who replaced its content with a defacement page. The hack featured a prominent graphic of an individual wearing a Guy Fawkes mask accompanied by text stating: “Hacked by Iranian Hackers. Hacked by Mamad Warning. We are always closer to you. Your identity is known to us. Your information is for us ;) take care.” Visitors interacting with the image were automatically redirected to the hackers’ Instagram profile. The county’s Information Technology department detected the breach and initiated restoration efforts, successfully returning the website to normal operation by 10:00 AM on August 19. Initial assessments confirmed the attack solely affected the public-facing website interface without penetrating backend systems housing sensitive data.
Circuit Clerk Lois Durbin publicly clarified that no resident personal identification information was compromised, explaining that such data resided on a segregated system protected by firewalls. Macon County Clerk Josh Tanner acknowledged the IT Department’s role in defensive measures while contrasting it with the offensive capabilities of Intelligence Center personnel. The incident mirrored a pattern of attacks attributed to Iranian hackers during that period, including breaches at Randolph County, Murfreesboro City Water Department’s payment portal, and Crook County government systems earlier in August 2019. Officials emphasized the containment of damage to the website’s front-end components, with no evidence suggesting data exfiltration or secondary compromises beyond the defacement and redirect.