The Syrian Electronic Army (SEA) is now officially on the FBI's cybercriminal wanted list.
The U.S. Federal Bureau of Investigation (FBI) has officially placed the SEA on an advisory list following a string of attacks on media and government outlets. The FBI calls the SEA a "pro-regime hacker group" that emerged during Syrian anti-government protests in 2011.
The FBI's advisory includes basic information on the SEA, its known capabilities to cause damage, and documents some of the group's most high-profile cyberattacks.
The pro-Assad hacktivist group has taken responsibility for a number of cyberattacks, including compromising the Twitter feed of The Associated Press and other media outlets. When the AP's Twitter feed was taken over, the SEA posted a fake story stating that President Obama had been injured, causing drops in the stock market.
The Guardian was also a target in April this year. The SEA used sophisticated phishing attacks to compromise user accounts and promote the group's political motives:
This year, the SEA has targeted The New York Times, The Washington Post and Twitter itself; taking advantage of weak security measures used by website hosts to redirect users to SEA-controlled websites.
"Over the past several months, the SEA has been highly effective in compromising multiple high-profile media outlets," the FBI warns. "Please maintain heightened awareness of your network traffic and take appropriate steps to maintain your network security. If you detect anomalous or malicious traffic or network behavior, please contact your local FBI Cyber Task Force."
The advisory (.pdf) also warns that groups or individuals found to be aiding or supporting the SEA's activities may be seen as terrorists when attacks are launched against U.S. websites and networks.
The SEA is currently preparing for "Operation Blackout" (#opblackout), which is due to take place in 24 days. The group's warning about the next campaign says that it will be the "path to WW3."
Cisco has warned media sites depending on third-parties for content that the pro-Assad group is exploiting vulnerabilities in third-party systems and software.