Dissecting the Syrian Electronic Army’s Digital Arsenal | WhoisXML API

Threat Reports

On the Frontlines of the Syrian Electronic Army’s Digital Arsenal

Possibly one of the first public Internet armies, the Syrian Electronic Army is notorious for stealing user credentials to deface websites. Among their suspected victims are U.S. government websites, media outlets, PayPal, and eBay. Two of its members were indicted in 2018.1

WhoisXML API researchers, with initial inputs from threat researcher Dancho Danchev, recently uncovered active cyber resources possibly tied to the threat group. The investigation revealed:

  • Dozens of unredacted email addresses known to belong to the Syrian Electronic Army
  • 440+ responding IP addresses known to be involved in the threat group’s campaigns
  • 770+ connected domains, either registered using the group’s email addresses or resolving to the IP addresses related to the group
  • About 77% of the domains have active IP resolutions

Get access to our findings and uncover more on your own. Download the report now.

  • [1] https://www.justice.gov/usao-edva/pr/two-members-syrian-electronic-army-indicted-conspiracy
Try our WhoisXML API for free
Get started