Cyber Incident Victim: Richland County Sheriff's Department
Date:
Nov 2015
Location:
United States of America
Summary
A pro-ISIS Algerian hacking group known as Team System DZ compromised three county government domains, defacing websites for Veterans Services, Emergency Management, and Recycling with propaganda messages supporting the Islamic State and playing Arabic audio. The attackers displayed "Hacked By Team System Dz" banners and referenced a coordinated campaign against multiple nations, mirroring their previous breach of the same county's Sheriffs Department website. While the defacements were temporary and services were restored, the extent of system access or potential data exposure remains unconfirmed. This incident aligns with the group's history of targeting government and educational entities with pro-ISIS content.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On November 28, 2015, pro-ISIS hacking group Team System DZ defaced three Richland County, Wisconsin government domains: the Veterans Services Office (veterans.co.richland.wi.us), Emergency Management (em.co.richland.wi.us), and Recycling (recycling.co.richland.wi.us). The attackers replaced each site's content with a page displaying "Hacked By Team System Dz" at the top before 9 p.m. ET, accompanied by an Arabic-language audio song. A written message endorsed ISIS, stating "#Op USA | Ir | il | Ru | Fr | I love you Islamic State & Jihad Islamic State remain and expand, God willing, We will restore the dignity of Muslims Glory will return to Islam The dispute will return to outdated Be prepared." Zone-H records confirmed the defacements with mirrored copies of the compromised pages. This marked the group's second attack against Richland County entities, following their March 2015 breach of the Richland County Sheriffs Department website. Team System DZ, identified as Algeria-based, had previously targeted the University of Toronto and Isle of Wight, Virginia websites with similar pro-ISIS content.
The defacements disrupted public access to county services until all sites were restored before the publication of HackRead's report on November 28. No evidence indicated unauthorized access to sensitive data or clarified the attackers' methods of compromise. The incident occurred amid ongoing cyber conflicts between pro- and anti-ISIS factions, with groups like Anonymous frequently countering pro-ISIS operations. County administrators did not publicly disclose remediation steps, though the prompt restoration suggested incident response protocols were activated. Team System DZ's repeated targeting of Richland County highlighted persistent vulnerabilities in the local government's web infrastructure, though the scope appeared limited to superficial defacements rather than systemic data exfiltration or destruction. The attacks aligned with the group's pattern of low-complexity website takeovers to disseminate propaganda rather than inflict technical damage.