March 15, 2024
Recently we wrote about the initial breach of the Ministry of Foreign Affairs of the Kingdom of Saudi Arabia (KSA). We felt like this was noteworthy for several reasons:
The breach of the Ministry of Foreign Affairs (MOFA) of the Kingdom of Saudi Arabia (KSA) was made public on 21 May, 2015. The alleged attackers claimed to have compromised over 3,000 computers and servers belonging to the Ministry of Foreign Affairs along with the personal and secret data of “…hundreds of thousands of their staff and diplomats in different missions around the world.”
The group that allegedly assumed responsibility for this breach was the Yemen Cyber Army (YCA). The Yemen Cyber Army's origins are the subject of much debate, and its membership and political affiliations are questioned as well. The group first appeared in 2011, was actively involved in defacements and other miscreant activity through 2013, and resurfaced in early 2015. Open source intelligence analysis suggests that there are multiple individuals involved with the group and that these individuals work in concert to promote the group's activities.
Digital Shadows (now ReliaQuest) has conducted extensive research into the Yemen Cyber Army. We've studied its use of social media and other outlets of communication. The content that the group has generated and promoted through these social media channels (e.g. various parties' Twitter accounts, Facebook accounts, Pastebin and other paste sites) suggests that the group has shifted its ideology since its inception in 2011, moving away from its condemnation of the Yemeni-based Islamic Shiite movement, the Houthis, and their allies, to a more supportive position toward the movement in 2015. There are likely several reasons that this shift has occurred. We believe that these reasons may include the following:
1. There was a fundamental shift in membership within the group.
No one knows for certain how many active or historical participants are or were a part of the Yemen Cyber Army (YCA); however, we do have a credible understanding of the messaging and patterns of language, including rhetoric and slang, that they have used over time. This insight has helped us formulate opinions based on the information we have at our disposal. It should be noted that these patterns have changed over time and those changes support the idea that there has been a fundamental shift in membership and / or ideology within the group.
2. There are multiple people, groups and / or proxies operating under the name “Yemen Cyber Army”.
We believe that this is possible and highly likely because there has been an ideological shift within the group in addition to changes in their messaging and rhetoric. Additionally, there has been an evolution in their capabilities: their current capabilities differ significantly from those first observed between 2011 and 2013. This evolution has seen the group move from simple website defacements to large-scale breaches, which demonstrates significant growth of technical capability.
Figure 1: Yemen Cyber Army Facebook Page
We believe that it is also possible that there are multiple people, groups and / or proxies operating under the name “Yemen Cyber Army”. If this is the case, it may explain why their capabilities appear to have matured demonstrably in recent history compared with the capabilities they demonstrated in the past. It may also explain the shift in political ideology noted above with respect to the Yemen Islamic Shiite movement. This hypothesis correlates with those held by other research organizations, which suggest that a nation state such as Iran may be supporting or driving the actions of the Yemen Cyber Army. There are several notable observables tied to this belief, including the fact that the initial news coverage of the breach of the Ministry of Foreign Affairs (MOFA) of the Kingdom of Saudi Arabia (KSA) was provided by the FARS news agency (a news agency located in Iran). However, it should be noted that there is no concrete evidence available at this time that ties Iran to the activities associated with the Yemen Cyber Army. Though rooted in conjecture, this possibility is important to note and recognize, as it would not be the first time a nation state has used an otherwise independent organization as a proxy for its actions. Other theories exist with respect to the Yemen Cyber Army and potential ties to other groups. Such theories include the idea that the YCA was in fact involved with a Pakistani hacking group known as the ‘Hex Hackers’; however, this has yet to be substantiated.
What then can we conclude with respect to the Yemen Cyber Army, its activity, and its membership? We can conclude that the Yemen Cyber Army has undergone fundamental changes to its philosophical and / or ideological leanings in recent years that have accompanied a perceived increase in cyber capabilities of the group. Whether this is due to an influx of new members, the maturing of legacy members, or presence of another group working within or under the guise of the Yemen Cyber Army is unknown.
We can also conclude that, in all cases where attribution is a compelling factor for identifying threat actors with certainty, the race to discover, expose, and identify the “real” threat actors will continue for the foreseeable future. Furthermore, we can conclude that if a nation state such as Iran was in fact involved in either the support or active proxying of the Yemen Cyber Army (YCA), it would attract the attention of not only the Kingdom of Saudi Arabia (KSA), but of its allies as well. For the moment, we must wait for more information to come to light as the Kingdom of Saudi Arabia (KSA) continues its investigation into this case. If they decide to divulge and share more information related to the breach, perhaps we will have a better idea of who is truly responsible for the actions taken against them and for what reason.
For more information regarding the breach and the Yemen Cyber Army please visit the Digital Shadows (now ReliaQuest) portal.