A cyber espionage campaign targeting activist groups in Syria is likely the work of the Islamic State of Iraq and Syria (ISIS), according to a report published on Thursday by CitizenLab, a research group at the University of Toronto’s Munk School of Global Affairs.
The attacks have targeted a group of Syrian activists, Raqqah Is Being Slaughtered Silently (RSS), that focuses on documenting human rights abuses in the northern Syrian city of Ar-Raqqah, which is currently occupied by ISIS, according to the analysis. The attacks used a tailored e-mail message to direct targeted users to an infected slide show, purportedly showing locations of ISIS forces and US airstrikes, but in reality, compromising the victim’s computer.
The attack does not result in remote access to a victim’s computer, but does result in a malicious program sending out occasional e-mail messages with data about the victim’s system and location, including the Internet protocol (IP) address, CitizenLab said in its analysis.