Syrian Electronic Army (SEA) is a pro-Assad, pro-Syrian-government threat actor. The content describes SEA as a group that exploited security flaws to place pro-Assad messages on the websites and social media feeds of Western media organizations, NGOs, and corporate entities, and as a well-known actor targeting the Syrian Revolution, including lower-profile malware operations against the opposition. Reported targeting includes news sites and prominent Twitter accounts, with claimed responsibility for DNS hijacking attacks affecting The New York Times and Twitter, compromise of the Associated Press Twitter account to post a false White House bombing report, and an attack on Forbes in February 2014 that leaked more than 1 million user accounts and posted fake news stories. The content also states that SEA-linked social media operations used trolls and honeypot accounts to build trust, distribute dubious links, and support hacker activity. Additional mention contexts note Arabic-named LNK files disguised as government forms as a documented TTP used by multiple actors including SEA. One cited analysis says SEA was likely organized and probably affiliated with the Syrian government; however, the content directly and consistently supports describing SEA as pro-Assad/pro-Syrian-government rather than making a definitive state attribution. Known alias in the provided content: SEA.
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Sectors the actor has been observed targeting.
Geographies tied to known operations.
7 distinct techniques observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.
10 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Referenced as a historical example of a prior defacement of U.S. Army-related websites.
Mentioned as an example of a known actor that has used Arabic-language lure documents disguised as government forms in targeted campaigns.
Attributed with the 2014 attack on Forbes that leaked over 1 million user accounts and resulted in fake news stories being posted to forbes.com.
Pro-Assad actor historically targeting Syrian opposition (and also Western orgs) with lower-profile malware operations and influence/attack activity.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.