Cyber Incident Victim: Egyptian Observatory
Date:
Oct 2015
Location:
Egypt
Summary
A hacktivist group affiliated with Anonymous targeted multiple Egyptian government websites, including the presidency and the Egyptian Observatory, defacing pages and causing temporary disruptions. The attackers claimed the operation was in solidarity with protesters killed during past clashes, denying affiliation with banned Islamist groups while posting evidence of human rights abuses. Officials stated only main pages were briefly compromised without major system or data damage, though several sites required temporary shutdowns. The group announced ongoing attacks and shared proof of breaches, including defacements displaying protest symbols and messages criticizing government divisions and human rights violations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On October 24, 2015, the Egyptian branch of the hacktivist collective Anonymous conducted coordinated cyber attacks against multiple Egyptian government websites, including the Egyptian Presidency, the Egyptian Observatory site, the Cabinet Decision Support Center (IDSC), Ministry of Tourism, Ministry of Planning, Supreme Council of Press, Center for Information and Decision Support, Egyptian Information Portal, and National Planning Institute. The attacks occurred on Thursday, October 22, 2015, when the presidency website (presidency.gov.eg) went offline due to hacking activity confirmed by Cabinet spokesperson Hossam al-Qawish. According to al-Qawish, only the main page of the presidency website was compromised for a few minutes without significant damage to backend systems or data. Parallel attacks targeted the IDSC website, prompting its technical team to temporarily shut it down as a containment measure. The hackers, operating under the name Anonymous Rabaa, claimed responsibility via their official Facebook page and provided evidence of the breaches through Zone-h archives and mirror links to defaced websites.
The attackers replaced the homepage of compromised sites with a four-fingered Rabaa salute symbol and the message "The revolution continues," referencing the 2013 Rabaa Square massacre where security forces killed protesters demanding the reinstatement of ousted President Mohammed Mursi. Anonymous Rabaa released screenshots and video footage documenting alleged human rights abuses by the government, explicitly stating their attacks were acts of solidarity with victims of the 2013 crackdown while denying affiliation with the banned Muslim Brotherhood. The group criticized the government’s suppression of dissent and demanded accountability for deaths during the 2011 revolution, 2013 Rabaa clashes, and subsequent violence against police and civilians. This incident followed an August 2015 attack on Cairo Airport’s website commemorating the Rabaa massacre’s first anniversary, using identical symbolism. All targeted websites remained offline at the time of reporting, with no evidence of data theft or systemic infrastructure damage beyond temporary service disruption. Government officials characterized the incidents as superficial defacements with limited operational impact, though the coordinated scale across high-profile domains demonstrated persistent vulnerabilities in state digital assets.