The Islamic State responds to the major EUROPOL cyber offensive by changing the servers and URLs of its propaganda sites. But whoever manages the backups and transfers has become a target
Daesh is reacting to the cyber offensive launched by the EU, EUROPOL, the USA and Canada against its propaganda channels on the Internet. The Islamic State did so by changing the servers and URLs from which it spreads its messages. One example is al-Bayan, the ISIS web radio, which has begun transmitting again after a stop of a few days. Moreover, the page carries links to the latest edition of the weekly al-Naba and to the Firefox plugins needed to reach the jihadist broadcasts. It is therefore foreseeable that other malicious sites, such as AMAQ, will soon be back online. It seems that the cyber militiamen were ready for this eventuality and responded to the cyber-attack by changing the origin of the propaganda, from servers to URLs. However, this is not without risks. If those who keep the backups where all the data is stored were being monitored, moving the data would turn into suicide and cause serious damage to the group.
The EU, the USA and Canada, together with EUROPOL, launched a joint operation in recent days to stop the spread of Daesh online propaganda
In recent days Daesh had suffered a heavy cyber-attack by the European Union, Canada and the US. The action was led by the Belgian Federal Prosecutor’s Office and coordinated by the European Union Internet Referral Unit (EU IRU), as well as by the European Counter Terrorism Center (ECTC) at the EUROPOL headquarters, in collaboration with Eurojust. The goal was to block the Islamic State’s ability to spread online propaganda material. Belgium, Bulgaria, Canada, France, the Netherlands, Romania, the UK and the United States participated in the operation. On April 25 and 26, platforms such as AMAQ were blocked simultaneously, servers were seized and evidence was gathered to trace who had registered the Internet domains. Other ISIS channels were also hit in the offensive, such as al-Bayan radio, Halumu and Nashir news, in effect inhibiting the jihadists' capability to spread malicious content on the web and social media.
Even the servers seized from the Islamic State are a gold mine. They will make it possible to map the online propaganda structure and its recipients
Moreover, the servers seized from Daesh sympathizers in Europe are a gold mine for investigators. Indeed, it is now possible to carry out in-depth analyses of their content. These will allow investigators to understand who has received the propaganda of the Islamic State, and is therefore a potential terrorist, as well as what its source is: precisely those subjects linked to ISIS who hold all the backups of the servers and are responsible for reloading them onto new platforms, whether they are in the EU or elsewhere. Having the vectors with which the malicious content is launched and knowing the TTPs of the cyber jihadists will help to draw a map of who is who and who does what at the top level of the online radicalization war carried out by the group (administrators of publications and sites, technicians, nominees, etc.).