Big-time Saudi Arabian firms targeted by the Justice Blade group

November 14, 2022

A newly discovered, ideologically motivated threat group called Justice Blade was spotted targeting the largest organisations in the Kingdom of Saudi Arabia. Based on reports, the group has set its sights on major organisations and government agencies within the country and in nations included in the Gulf Cooperation Council (GCC).

According to an investigation, the Justice Blade group uses a hack-and-leak tactic in its operations. The group’s primary target is Smart Link BPO Solutions.

This targeted entity is an outsourcing Information Technology (IT) vendor that cooperates with high-end enterprises and government agencies in the region. Researchers revealed that the recent attack targeted the internal applications, services, and Active Directory in the network of the companies.

Justice Blade operators said they have stolen troves of data from their targets.

The Justice Blade group claimed to have stolen massive amounts of data, such as CRM records, email communications, personal information, account credentials, and contract details.

To prove their claims, the group has published several credentials owned by the IT vendor on various underground marketplaces and the dark web in the Tor network.

According to researchers, this group has used vulnerabilities in its intrusion strategies. A month ago, researchers spotted the group using Metasploit in the Smart Link BPO Solutions network as a post-compromise activity. They believe the group has utilised Metasploit to scan for and abuse known vulnerabilities.

Justice Blade has currently organised a private Telegram channel for communications between its group members.

The confirmed entities this group has compromised are the FlyNas airline company and SAMACares, an initiative managed by a Saudi Arabian bank. The group claimed that they had released numerous lists of users that may have been related to the targeted firms.

Lastly, Justice Blade said they have published screenshots of 365 communications and RDP sessions between various regional companies.

Saudi Arabia’s prominence in wealth, size and geopolitical advantages has attracted many threat actors to this day. As of now, the Justice Blade threat group may be looking to deploy supply chain attacks or use the stolen data for further attacks soon.
