Cyber Incident Victim: Royal Saudi Air Force
Date:
Jan 2016
Location:
Saudi Arabia
Summary
Anonymous conducted cyber attacks against multiple Saudi government websites, including the Royal Saudi Air Force and Ministry of Defense, in protest of executions carried out by the kingdom. The hacktivist group disrupted services for critical government portals such as the Ministry of Education, Customs Service, and General Passports Service, with some sites remaining offline while others were restored following the takedowns. The attacks formed part of Operation #OpSaudi and #OpNimr, directly responding to the execution of Shia cleric Nimr Al-Nimr and other prisoners.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 5, 2016, the hacktivist collective Anonymous launched distributed denial-of-service (DDoS) attacks against multiple Saudi Arabian government websites under the campaign designations #OpSaudi and #OpNimr. This offensive directly responded to Saudi Arabia’s January 2, 2016 execution of 47 prisoners, including prominent Shia cleric Sheikh Nimr Al Nimr, who had been arrested in 2012 at age 17 for alleged anti-government protest involvement. The attacks targeted high-profile government domains, including the Saudi Ministry of Defense, Royal Saudi Air Force, Ministry of Education, Saudi Press Association, Customs Service, Ministry of Finance, Ombudsman’s Office, and General Passports Service. Anonymous publicly claimed responsibility through Twitter, sharing lists of targeted websites and operational hashtags. The Saudi Ministry of Defense website had previously been subjected to attacks two days earlier and remained offline at the time of reporting. Historical context indicated this was not Anonymous’ first action against Saudi authorities, as the group had targeted government websites in September 2015 protesting the potential crucifixion sentence of Mohammed al-Nimr, Sheikh Nimr’s nephew.
The cyber attacks rendered multiple critical government services inaccessible, with the Ministry of Defense and Royal Saudi Air Force sites experiencing prolonged downtime. By January 5, some affected websites had been restored, while others remained offline, indicating variable recovery timelines across agencies. No data breaches or system compromises were reported—the operational impact was limited to temporary service disruption through DDoS tactics. The Saudi government did not issue public statements regarding incident response or mitigation measures in the immediate aftermath. Anonymous framed the attacks as retaliation for human rights violations, specifically objecting to Sheikh Nimr’s execution and the broader use of capital punishment against political dissidents. The incident highlighted the vulnerability of Saudi government digital infrastructure to coordinated hacktivist campaigns motivated by geopolitical events.