Cyber Incident Victim: Richland County Emergency Management
Date:
Nov 2015
Location:
United States of America
Summary
A pro-ISIS hacking group compromised three domains belonging to Richland County, including its Emergency Management, Veterans Services, and Recycling websites, defacing them with propaganda messages and Arabic audio. The attackers displayed a message declaring support for ISIS and global jihad operations, though no evidence indicated access to sensitive data. The county restored all affected websites shortly after the incident. This group had previously targeted other government and educational entities with similar pro-ISIS defacements.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On November 28, 2015, the pro-ISIS hacking group Team System DZ compromised three Richland County, Wisconsin government domains: Veterans Services, Emergency Management, and Recycling. The Algerian-based group defaced all three websites before 9 p.m. ET, replacing their content with a page displaying "Hacked By Team System Dz" at the top alongside Arabic-language audio. The defacement included a written message supporting the Islamic State, referencing "#Op USA | Ir | il | Ru | Fr" and stating: "I love you Islamic State & Jihad Islamic State remain and expand, God willing, We will restore the dignity of Muslims Glory will return to Islam The dispute will return to outdated Be prepared." Zone-h.org mirrors provided public evidence of the compromises, showing identical defacements across http://veterans.co.richland.wi.us/, http://recycling.co.richland.wi.us/, and http://em.co.richland.wi.us/. This marked Team System DZ's second known attack against Richland County, following their March 2015 breach of the Sheriff's Department website. The group had previously targeted the University of Toronto and Isle of Wight, Virginia with similar pro-ISIS content.
County officials restored all affected websites before the publication of HackRead's report on November 28, making them operational for public access again. No information was disclosed regarding potential data exposure, intrusion methods, or whether law enforcement investigations occurred. The incident reflected ongoing cyber conflicts between pro-ISIS actors and groups like Anonymous, which had recently countered similar breaches by replacing extremist content with unrelated material. Team System DZ's repeated targeting of Richland County highlighted persistent vulnerabilities in local government web infrastructure, though the defacements caused no reported operational disruptions beyond temporary website unavailability. Historical patterns suggested ideological motivation rather than financial gain, with no subsequent claims of data exfiltration or secondary attacks linked to this incident.