What did attackers break into?
Attackers broke into Qatar News Agency (QNA) network and gained full control over its website, email systems, and social media accounts. Attackers published multiple fake statements via QNA's official channels.
How did the attackers break into it?
At first, attackers used VPNs to mask location and slip into QNA’s systems through weak security. Then they injected malware into the system to steal employees’ information and their login credentials. They used those credentials to get control over website, email and social media.
Who was impacted?
The main victim was the Qatari government’s credibility and diplomatic standing as attackers had published a false phrase attributing to the Emir of Qatar's supportive remarks about Iran, Hamas, Hezbollah, and Israel. Globally, this incident also undermined regional stability and caused geopolitical tensions in the Gulf.
How was it investigated?
A preliminary Qatari investigation assisted by the FBI and the UK’s National Crime Agency was carried out pointing to various suspects. Initially, Russian-affiliated hackers and UAE-affiliated hackers were suspected but upon further investigation, they were denied involvement. In August 2017, five suspects believed to be connected with the hack were finally arrested in Türkiye.
What did attackers break into?
Attackers broke into RasGas’s systems and knocked its website and email servers offline.
How did the attackers break into it?
The attack was caused due to a destructive malware that wiped files and rendered the system unstable. It is widely speculated to be related to the "Shamoon" malware that had hit Saudi Aramco earlier in August 2012.
Who was impacted?
The RasGas's administrative systems were down (website and email). Hence, only RasGas was impacted.
How was it investigated?
RasGas worked with Qatar’s ICT authority to purge the infection and restore services but the exact technical details and the attributions were never publicly confirmed.