Cyber Incident Victim: Royal Saudi Air Force

Date: Aug 2015

Location: Saudi Arabia

Summary

The Royal Saudi Air Force website was compromised by an Iranian hacker from the Iran Hack Security Team, who left a protest message against Saudi-led military actions in Yemen without deploying a full defacement page. The attacker explicitly stated the intrusion aimed to pressure Saudi Arabia to cease operations in Yemen, aligning with ongoing cyber hostilities between Iranian and Saudi actors, including prior breaches of government websites and social media accounts by both sides. This incident reflects broader regional cyber conflicts tied to geopolitical tensions, with reciprocal attacks targeting defense and diplomatic entities, including credential leaks and infrastructure disruptions. The compromised site was subsequently restored to normal operation.

Description

On August 21, 2015, the official website of the Royal Saudi Air Force (rsaf.gov.sa) was compromised by an Iranian hacker identifying as "Mr.Xpr" from the Iran Hack Security Team. The attacker bypassed the website’s security measures and altered its content to display the message "Hacked By Mr.Xpr! Iran Hack Security Team" in text form, though no full defacement page was uploaded. The hacker communicated to media outlet HackRead that the intrusion was a protest against Saudi Arabia’s military involvement in Yemen, explicitly stating, "We want Saudi Arabia to stop killing people in Yemen. We will keep on targeting Saudi defense related sites." The attack temporarily disrupted the website’s availability, with evidence of the compromise archived on Zone-H under mirror ID 24748968. No data theft, malware deployment, or persistent network access was reported in the incident.

This event occurred within a broader pattern of reciprocal cyber operations between Iranian and Saudi actors amid geopolitical tensions over Yemen. Prior to this incident, Saudi-aligned hackers had breached Iranian state television social media accounts and the Iranian Ministry of Defense website, accusing Iran of supporting Houthi forces. Iranian-aligned groups, including the Yemen Cyber Army, retaliated by hacking Saudi Arabia’s Ministry of Foreign Affairs, leaking embassy communications and officials’ plain-text credentials. Concurrently, the Syrian Electronic Army—a group supporting the Assad regime—protested the Yemen conflict by compromising the Washington Post’s mobile website. The Royal Saudi Air Force restored its website by August 23, 2015, with no disclosed technical remediation details or long-term operational impacts cited in available reporting.
