Cyber Incident Victim: Saudi Ministry of Finance
Date:
Jan 2016
Location:
Saudi Arabia
Summary
Anonymous conducted distributed denial-of-service (DDoS) attacks against multiple Saudi government websites, including the Ministry of Finance, Defense, Education, and Customs Service, in retaliation for the execution of Shia cleric Nimr Al-Nimr and 46 others. The hacktivist collective, operating under campaigns #OpSaudi and #OpNimr, disrupted critical online services, forcing several sites offline for extended periods. The attacks represented an escalation of prior digital protests against the kingdom's judicial actions, with Anonymous explicitly linking the disruptions to opposition against capital punishment for political dissent. While some services were restored during the incident timeframe, others remained inaccessible due to sustained targeting.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 2, 2016, the Saudi Arabian government announced the execution of 47 prisoners on terrorism charges, including prominent Shia cleric Sheikh Nimr Al Nimr, who had been arrested in 2012 for leading anti-government protests. In response, the hacktivist collective Anonymous launched coordinated cyber attacks against multiple Saudi government websites under the campaign banners #OpSaudi and #OpNimr, continuing their prior opposition to Saudi policies following a September 2015 attack protesting the planned execution of Mohammed al-Nimr. The attacks, occurring between January 3-5, 2016, disrupted access to critical government platforms including the Saudi Ministry of Finance, Ministry of Defense, Royal Air Force, Ministry of Education, Saudi Press Association, Customs Service, Ombudsman’s Office, and General Passports Service. Anonymous publicly claimed responsibility through social media channels, sharing lists of targeted websites via Twitter accounts @GlobalReVoL3 and @CockSec. The Ministry of Defense’s website remained offline for at least two days following the initial attack, indicating sustained disruption to military communications infrastructure.
The operational impact varied across agencies, with some services restored by January 5 while others remained nonfunctional. No technical details regarding attack vectors were disclosed, though the coordinated timing and scale suggested distributed denial-of-service (DDoS) tactics commonly employed in hacktivist operations. The incident marked the second major Anonymous campaign against Saudi digital infrastructure within four months, demonstrating persistent targeting of government web assets in response to human rights concerns. Historical context indicated Mohammed al-Nimr’s 2015 arrest at age 17 had previously motivated cyber protests, with the 2016 executions amplifying retaliatory actions. The Saudi government did not publicly acknowledge the cyber attacks or disclose remediation efforts, though the partial restoration of services implied technical response measures were implemented. The attacks temporarily disrupted public access to financial, educational, and customs services, though no data breaches or long-term operational consequences were reported.