Justice Blade, a new threat group that could be ideologically motivated, was seen targeting major organizations, including government agencies, in the Kingdom of Saudi Arabia and other countries in the GCC.

Prime target

According to a report published by SecurityAffairs, Justice Blade has a hack-and-leak strategy for its operations.
  • Its prime target is Smart Link BPO Solutions, an outsourcing IT vendor that works with major enterprises and government agencies in the region. 
  • The attack targeted Active Directory and internal applications and services in the network.

What was stolen?

  • Cybercriminals claim to have stolen a significant volume of data, including CRM records, personal information, email communications, contracts, and account credentials.
  • They published multiple credentials belonging to the vendor on the dark web and various underground marketplaces in the Tor network.

Intrusion tactic

Last month, the group used Metasploit in the Smart Link BPO Solutions network as a post-compromise activity, possibly to scan for and exploit known vulnerabilities.

Additional targets

Justice Blade has created a private account on Telegram for communications between group members.
  • Other targets include FlyNas (an airline company) and SAMACares (an initiative managed by Saudi Arabia Central Bank).
  • The group claims to have released several lists of users presumably related to targeted organizations.
  • Moreover, it claims to release screenshots of active RDP sessions and Office 365 communications between various companies within the region.

Conclusion

Saudi Arabia’s size, wealth, and geopolitical prominence make it a prime target for threat actors. Justice Blade has picked prime targets that overlap the enterprise and government sectors. Its strategy may be to launch supply chain attacks or use the stolen data to target other companies and individuals of interest in the region.
Cyware Publisher
