This Christmas it’s not Anonymous or Iranian hackers you need to worry about — it’s the Syrian Electronic Army.
On Tuesday, the Federal Bureau of Investigation dispatched warning notices that the S.E.A. was at it again, according to two people who received the notices, which included various digital clues to help companies block attempted cyberattacks.
On Tuesday, some members of the media, including at The New York Times, received emails containing malicious links purporting to be a CNN news article about the conflict in Syria. The emails, which appeared to come from colleagues in some cases, redirected recipients to fake Google log-in pages that requested their usernames and password credentials.
As in previous S.E.A. attacks, that information allows hackers to get into an employee’s email account and in some cases administrative systems, where they can gather user credentials to a site’s publishing platform or Twitter or Facebook account.
S.E.A. hackers have used those platforms to post messages supporting the government of President Bashar al-Assad, or to post fake news articles. This was the case last April, when hackers from the group posted a fake tweet from the Associated Press Twitter account about purported explosions at the White House, sending the stock market into momentary free fall.
In August, The Times’s website was disrupted after the S.E.A. attacked the company’s domain name registrar, Melbourne IT.
The S.E.A. emerged in May 2011, during the first Syrian uprisings, when it began attacking a wide array of media outlets and nonprofits and spamming popular Facebook pages like President Obama’s and Oprah Winfrey’s with pro-Assad comments. The group’s goal, it said, was to offer a pro-government counternarrative to media coverage of Syria.
The group, which also disrupted The Washington Post in August and The Financial Times in May, has consistently denied ties to the Syrian government and has said it does not target Syrian dissidents, but security researchers and Syrian rebels say they are not convinced. They say the group is the outward-facing campaign of a much quieter surveillance campaign focused on Syrian dissidents and are quick to point out that Mr. Assad once referred to the S.E.A. as “a real army in a virtual reality.”
Federal authorities and security researchers continue to track the group and caution news organizations to be vigilant about opening e-mails that contain out-of-context links, or spelling errors or grammatical mistakes, and, particularly, those that redirect users to phishing sites that ask for their log-in credentials.
Photo: The Syrian Electronic Army had a merry message for its Twitter followers Tuesday as members attempted online attacks on various U.S. organizations.