Cisco: Syrian Electronic Army using third-parties to attack media organizations

Summary:The networking giant also warned media sites depending on third-parties for content that they might be increasing the chances of their users being compromised by attackers.


The Syrian Electronic Army appears to be using third-party web properties and domains to attack media organizations, based on new analysis from Cisco.

Furthermore, the networking giant warned that media sites depending on third-parties for content may be increasing the chances of their users being compromised by attackers.

Read this

Symantec denies blame after Chinese govt hacks The New York Times

After one of the world's most famous newspapers points the finger at Symantec for failing to protect its network against a four-month long Chinese cyberattack, the security firm returns fire.

The Syrian Electronic Army has a history of targeting news companies, among other prominent global organizations.

Earlier this year, the cyber-crime group launched a series of attacks on Twitter , Thomson Reuters, The Associated Press, and The Guardian, among others .

Last Thursday , The Washington Post admitted that it was the victim of a cyber-attack incurred by the hackers supporting the regime of current Syrian president Bashar al-Assad.

The Atlantic also reported last week that the online channels for CNN and Time were also attacked by the same organization.

Jaeson Schultz, a threat research engineer for Cisco's Threat Research and Communications (TRAC) team, explained in a blog post on Friday that attacks on online sharing tools on Outbrain and ShareThis reveal a detrimental pattern:

A whois lookup informs us that the “” domain name is registered at GoDaddy, and typically it has its nameservers pointed to Akamai. However starting on the 21st of August, the nameservers for “” were pointed to nameservers used by the Syrian Electronic Army. The following data was found in passive DNS. (Please note that belongs to GoDaddy.)

Schultz hinted that it is up to Internet users to protect themselves, pointing toward usage of Web browser tools such as RequestPolicy, which restricts a browser to only load content from the domain located in the address bar.

Image via the Cisco Security blog

Topics: Security, Cisco, Networking, Tech Industry


Rachel King is a staff writer for CBS Interactive based in San Francisco, covering business and enterprise technology for ZDNet, CNET and SmartPlanet. She has previously worked for The Business Insider,, CNN's San Francisco bureau and the U.S. Department of State. Rachel has also written for, Irish Americ... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.