3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
Syrian Electronic Army

Syrian Electronic Army

ID: 91bb6428c67a3dec38e3ffd2472a9bac52165
Hacktivist Group Collective Defacement Crew Hacktivism State-Sponsored
Threat types: Propaganda, Social Engineering, Phishing, Malware, Defacement, Exfiltration
Syrian Arab Republic
Updated: 2026-01-13
Created: 2025-10-17
Progress: 47% Completeness: 45% Freshness: 50%
Operation zone:
Aliases Limited alias preview
SEA SyrianElectronicArmy
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: high
Actor Techniques page ATT&CK® Diagram

Syrian Electronic Army (SEA) — pro-Assad hacktivist/IO group active since 2011; responsible for the 2013 AP Twitter hijack that briefly moved U.S. markets, and the 2013 NYTimes DNS/registrar hijack. U.S. indictments in 2016 named operators and described tactics.


Technique Technique name Tactics Evidence
T1566 Phishing TA0001
  • 2013 — Credential phishing/social engineering used against media staff and admins. · ref
T1078 Valid Accounts TA0001 TA0003 TA0004 TA0005
  • 2013-04-23 — AP Twitter account hijacked; false 'White House explosion' tweet briefly dipped markets. · ref
T1190 Exploit Public-Facing Application TA0001
  • 2013-08-27 — Registrar/DNS account access leading to NYTimes domain redirection (external service abuse). · ref
Strategic Intelligence
Limited preview
Last updated: 2025-10-18T01:26:34+00:00
Syrian Electronic Army (SEA) — Pro-Regime Hack-and-Influence Actor

CLASSIFICATION: Unclassified / Open Source


Executive Summary

The Syrian Electronic Army (SEA)—a pro-Assad hacktivist/IO actor—has executed high-visibility operations since 2011, including the 2013 AP Twitter compromise that caused a brief U.S. stock dip and 2013 NYTimes DNS/registrar hijack and redirection. U.S. legal actions in 2016 named SEA members and detailed tactics. Confidence: high (indictments; mainstream media corroboration).

Pro-regime information warfare ethos; small, capable core with auxiliaries; mixes social-engineering, account takeovers, and DNS/registrar tampering to maximize media impact. The Associated Press

Aims to shape narratives, embarrass Western media, and bolster regime legitimacy via spectaculars that drive coverage and sow confusion. WIRED

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Empty Limited preview
No content yet.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Empty Limited preview
No content yet.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Empty Limited preview
No content yet.
IOC Appendix now
Saved successfully.
OSINT Library
Empty Limited preview
No content yet.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/0
No social links registered for this profile.
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
No images found for this threat.