Cisco: Syrian Electronic Army using third parties to attack media organizations

The networking giant also warned media sites depending on third parties for content that they might be increasing the chances of their users being compromised by attackers.


The Syrian Electronic Army appears to be using third-party web properties and domains to attack media organizations, based on new analysis from Cisco.

Furthermore, the networking giant warned that media sites depending on third parties for content may be increasing the chances of their users being compromised by attackers.


The Syrian Electronic Army has a history of targeting news companies, among other prominent global organizations.

Earlier this year, the cyber-crime group launched a series of attacks on Twitter, Thomson Reuters, The Associated Press, and The Guardian, among others.

Last Thursday, The Washington Post admitted that it was the victim of a cyber-attack carried out by hackers supporting the regime of current Syrian president Bashar al-Assad.

The Atlantic also reported last week that the online channels for CNN and Time were attacked by the same organization.

Jaeson Schultz, a threat research engineer for Cisco's Threat Research and Communications (TRAC) team, explained in a blog post on Friday that attacks on online sharing tools on Outbrain and ShareThis reveal a detrimental pattern:

A whois lookup informs us that the “” domain name is registered at GoDaddy, and typically it has its nameservers pointed to Akamai. However starting on the 21st of August, the nameservers for “” were pointed to nameservers used by the Syrian Electronic Army. The following data was found in passive DNS. (Please note that belongs to GoDaddy.)

Schultz hinted that it is up to Internet users to protect themselves, pointing toward usage of Web browser tools such as RequestPolicy, which restricts a browser to only load content from the domain located in the address bar.

Image via the Cisco Security blog
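
The nameserver switch Schultz describes is the kind of change a site can watch for on the third-party domains it embeds, by comparing passive DNS NS observations against a known-good baseline. The Python below is an added example, not code from Cisco or the original article; every zone name, nameserver name, date and baseline entry in it is a constructed placeholder.

```python
# Constructed passive-DNS NS observations: (first seen, zone, nameserver).
# All names are placeholders under the reserved ".example" TLD.
OBSERVATIONS = [
    ("2013-08-01", "widget-cdn.example", "ns1.dns-provider.example."),
    ("2013-08-01", "widget-cdn.example", "NS2.dns-provider.example"),
    ("2013-08-21", "widget-cdn.example", "ns1.unknown-host.example"),
    ("2013-08-21", "widget-cdn.example", "ns2.unknown-host.example"),
    ("2013-08-10", "share-tool.example", "ns1.other-dns.example"),
    ("2013-08-22", "share-tool.example", "ns1.notother-dns.example"),
    ("2013-08-15", "unwatched.example", "ns1.whatever.example"),
]

# Assumed baseline: the DNS provider suffixes each embedded third-party
# zone normally delegates to (what a whois/NS check showed when it was vetted).
BASELINE = {
    "widget-cdn.example": {"dns-provider.example"},
    "share-tool.example": {"other-dns.example"},
}


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def in_baseline(ns, suffixes):
    """Match on a label boundary so look-alike suffixes do not pass."""
    return any(ns == s or ns.endswith("." + s) for s in suffixes)


def delegation_changes(observations, baseline):
    """Return (seen, zone, nameserver) for NS records outside the baseline."""
    alerts = []
    for seen, zone, ns in sorted(observations):
        zone, ns = normalize(zone), normalize(ns)
        allowed = baseline.get(zone)
        if allowed is None:
            continue  # not a third-party dependency we track
        if not in_baseline(ns, allowed):
            alerts.append((seen, zone, ns))
    return alerts


if __name__ == "__main__":
    for seen, zone, ns in delegation_changes(OBSERVATIONS, BASELINE):
        print(f"{seen}  {zone}  unexpected nameserver: {ns}")
```
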