March 15, 2024
As of April 2015 there were more than 270 breaches reported that exposed an estimated 102,372,157 records. Those are staggering numbers.
Last week, we wrote about the now infamous Adult Friend Finder breach and how the nature of the data contained within that breach made it a highly sensitive occurrence. In the case of this breach, the investigation is ongoing and will likely be for some time, since the alleged attacker in that case took to the dark web to voice his dispute with the owners of the site and eventually posted a large cache of data.
The motives in the Adult Friend Finder breach were rooted in revenge and extortion. This week we’ll address another breach that occurred around the same time, which was equally sensitive but for different reasons. Unlike the Adult Friend Finder breach, this breach saw very sensitive and, in some cases, classified nation-state information leaked to the public. In this case the victim wasn’t a website or another form of consumer site. It was the government of the Kingdom of Saudi Arabia.
The trouble began in April of 2015 when al-Hayat, a leading pan-Arab news outlet and paper with a circulation estimated at over 200,000, was hacked and defaced as a part of #OpSaudi. Al-Hayat is known for its pro-Saudi stance, which may have influenced the attack. The image that was left on the site featured anti-Israeli and anti-American rhetoric and a warning to the enemies of Yemen and the supporters of the Kingdom of Saudi Arabia.
The group that claimed responsibility for the al-Hayat attack, the Yemen Cyber Army, was the same group that claimed responsibility for the breach that affected the Saudi Ministry of Foreign Affairs (MOFA). It is unclear at this time when the breach occurred; however, early coverage of the breach was noted on online news sources such as this one. Following suit, on May 21, 2015, an anonymous individual or group of individuals posted the following to Twitter via the hxxp://www.quickleak.org site:
The Yemen Cyber Army’s reason for conducting the attack against the Saudi Arabian MOFA was based on Saudi Arabia’s involvement with the conflicts in Yemen. The Yemen Cyber Army is a relatively new threat actor group. Some of the first known instances of activity attributed to the Yemen Cyber Army occurred in February 2012. This activity involved website defacement and messaging. At the time of this writing there are several theories being discussed within the research community regarding the identity of the actor or actors involved in the Yemen Cyber Army. Some argue that this is the work of one individual whose political and activist activities have varied over the last three years. It’s important to note that at this time no one has come forth, in an official or unofficial capacity, with information describing how the breach was executed in detail. We do not know if those details are being suppressed at this time.
The Yemen Cyber Army has been quite vocal about what it has stolen and what it has access to. The threat actor group has claimed to have stolen a vast amount of data, and in truth the data that has been leaked up to this point in time has been alarming. Much of the data is of a very sensitive nature. It includes information pertaining to e-mails belonging to top Saudi diplomats, Foreign Ministry staff, Intelligence Community members, and military personnel. Additionally, many classified documents and communications between Saudi officials and other governments dating back to the early 1980s were disclosed. All subdomains and servers related to the MOFA, as well as the private information belonging to 30,000 citizens and 11,000 MOFA personnel, were also taken and posted online. The threat actors left a message on the compromised hosts in the Saudi Arabian MOFA network. This image depicts what the Yemen Cyber Army left behind:
At the time of this writing, the actions of the Yemen Cyber Army continue to indicate that it is an agenda-driven, politically motivated threat actor. The actions taken by the Yemen Cyber Army indicate that they believe they are justified in attacking the Kingdom of Saudi Arabia for its involvement in the military conflicts in Yemen. What remains unclear is the true identity of the threat actor or actors participating in the Yemen Cyber Army, the vulnerabilities that they exploited to gain access to the infrastructure controlled by the Saudi Arabian MOFA, and the TTPs associated with the threat actor group. It is our belief that until more information is made available it will be extremely difficult to conduct deeper analysis of this breach.
On Saturday, May 23, 2015, the Iranian website https://www.presstv.ir ran a story that asserted that the Saudi Arabian media had confirmed the breach occurred after speaking with Osama bin Ahmad al-Sanousi, a senior official at the Kingdom of Saudi Arabia’s Foreign Ministry. The Saudi spokesman is reported to have downplayed the seriousness of the attack, calling it “limited.” The world will have to wait patiently for more details to be divulged in this case. Saudi Arabian officials should act swiftly in assessing the MOFA environment and assets by conducting incident response and forensic analysis.