{
	"id": "3de9139e-ca6c-47cf-82cb-4e2fef4f01ee",
	"created_at": "2026-04-06T00:09:12.069343Z",
	"updated_at": "2026-04-10T03:33:54.730271Z",
	"deleted_at": null,
	"sha1_hash": "48786c4345f56ad66b50edf46196ed6a9482e5a1",
	"title": "Operation Ababil",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 83411,
	"plain_text": "Operation Ababil\r\nBy Contributors to Wikimedia projects\r\nPublished: 2013-02-11 · Archived: 2026-04-05 19:48:12 UTC\r\nFrom Wikipedia, the free encyclopedia\r\nOperation Ababil was a series of cyber attacks starting in 2012, targeting various American financial institutions\r\nand carried out by a group calling itself the \"Cyber fighters of Izz Ad-Din Al Qassam\".\r\nThe cyber attacks, or more specifically denial of service attacks, were launched by the Cyber fighters of Izz Ad-Din Al Qassam also known as Qassam Cyber Fighters. The group announced[1]\r\n the attacks on September 18, 2012\r\non Pastebin where they criticized Israel and the United States and justified the attacks as a response to the\r\nInnocence of Muslims video released by controversial American pastor Terry Jones. Their targets included the\r\nNew York Stock Exchange as well as a number of banks including J.P. Morgan Chase.\r\n[2]\r\n The result of the attacks\r\nwas a limited disruption of the targeted websites. The attacks ended on Oct 23, 2012 because of the Eid al-Adha\r\nholiday[3] at which point they offered to speak to the media through e-mail.\r\nName of the group and operation\r\n[edit]\r\nThe group's moniker, Izz ad-Din al-Qassam, was a Muslim preacher who lead in the fight against British, French\r\nand Jewish nationalist organizations in the Levant in the 1920s and 1930s.\r\nDisputed origins of attacks\r\n[edit]\r\nOn September 21, 2012, the Washington Post reported[4] that the attacks originated not from a hacktivist group\r\nbut from the government of Iran and cited U.S. Senator Joseph I. Lieberman as one who was a proponent of this\r\nidea. Lieberman told C-Span that he believed the Iranian government was sponsoring the group's attacks on US\r\nbanks in retaliation for Western economic sanctions.[5] An early report by Dancho Danchev found the amateurish\r\n\"outdated and virtually irrelevant technical skills\" of the attack suspicious.[6] But Michael Smith, senior security\r\nevangelist at Akamai, found the size of the attacks—65 gigabits of traffic per second—more consistent with a state\r\nactor (such as Iran) than with a typical hacktivist denial of service attack which would be less than 2\r\ngigabits/second.[7]\r\nThe controversial hacktivist, The Jester, claimed the Qassam Cyber Fighters had help with their attacks from the\r\nhacking group Anonymous.\r\n[8]\r\nhttps://en.wikipedia.org/wiki/Operation_Ababil\r\nPage 1 of 3\n\nOn December 10, 2012, the Qassam Cyber Fighters announced[9]\r\n the launching of phase two of Operation Ababil.\r\nIn that statement, they specifically named U.S. Bancorp, J.P. Morgan Chase, Bank of America, PNC Financial\r\nServices and SunTrust Bank as targets and identified events such as Hurricane Sandy and the 2012 US\r\nPresidential Election as reasons for the delay of phase two. This announcement also mentioned disrespect towards\r\nthe Prophet Mohammed as motivation and denied the involvement of any nation state. It was during this time that\r\nmedia attention increased with one journalist observing,[10] \"Operation Ababil stands out for its sophistication and\r\nfocus, experts say.\" and allegations of involvement by Iran also increased.[11] On January 29, 2013, an\r\nannouncement[12] was made that phase two would come to a conclusion due to the removal of the main copy of\r\nthe video from YouTube. The announcement also identified additional copies of the movie also hosted on\r\nYouTube.\r\nOn February 12, 2013, the Qassam Cyber Fighters issued a warning[13] that the other copies of the movie\r\nreferenced in their January 29 posting should be removed. They followed this with a \"serious warning\"[14] and\r\nthen an \"ultimatum\"[15] after the additional copies of the video were not removed. On March 5, 2013, they\r\nannounced[16] the beginning of Phase 3 of Operation Ababil on their Pastebin page. This was followed by several\r\nof the financial institutions on their target list reporting website disruptions.[17]\r\nCyberwarfare in the United States\r\nProlexic\r\nAlexander Heid\r\nChase Bank\r\nDDOS\r\n1. ^ \"Bank of America and New York Stock Exchange under attack\". Retrieved February 10, 2013.\r\n2. ^ \"Chase, NYSE Websites Targeted in Cyber Attacks\". Fox Business. Archived from the original on October\r\n19, 2012. Retrieved February 10, 2013.\r\n3. ^ \"The 6th Week, Operation Ababil\". Retrieved February 11, 2013.\r\n4. ^ Nakashima, Ellen (September 21, 2012). \"Iran blamed for cyberattacks on U.S. banks and companies\".\r\nThe Washington Post. Archived from the original on June 20, 2013. Retrieved February 10, 2013.\r\n5. ^ \"Deconstructing the Al-Qassam Cyber Fighters Assault on US Banks\". 2 January 2013. Analysis\r\nIntelligence. Archived from the original on June 16, 2019. Retrieved September 19, 2013.\r\n6. ^ Danchev, Dancho (September 28, 2012). \"Dissecting 'Operation Ababil' - an OSINT Analysis\".\r\nSeptember 28, 2012. Retrieved September 19, 2013.\r\n7. ^ Gonsalves, Antone. \"Bank attackers more sophisticated than typical hacktivists, expert says\". September\r\n28, 2012. CSO. Retrieved September 19, 2013.\r\n8. ^ \"The Jester: Anonymous Hackers Helped Izz ad-Din al-Qassam DDOS US Banks\". Retrieved February\r\n11, 2013.\r\n9. ^ \"Phase 2 Operation Ababil\". Retrieved February 11, 2013.\r\n10. ^ \"Group halts bank cyberattacks\". Star Tribune. Retrieved February 11, 2013.\r\n11. ^ Shachtman, Noah (November 27, 2012). \"Bank Hackers Deny They're Agents of Iran\". Wired. Retrieved\r\nFebruary 11, 2013.\r\n12. ^ \"Operation Ababil Suspended due to removal of insulting movie\". Retrieved March 17, 2013.\r\nhttps://en.wikipedia.org/wiki/Operation_Ababil\r\nPage 2 of 3\n\n13. ^ \"Warning, Operation Ababil\". Retrieved March 17, 2013.\r\n14. ^ \"Serious Warning, Operation Ababil\". Retrieved March 17, 2013.\r\n15. ^ \"Operation Ababil, AlQASSAM ULTIMATUM\". Archived from the original on February 17, 2017.\r\nRetrieved March 17, 2013.\r\n16. ^ \"Phase 3, Operation Ababil\". Retrieved March 17, 2013.\r\n17. ^ \"Bank Attackers Restart Operation Ababil DDoS Disruptions\". Retrieved March 17, 2013.\r\nQassam Cyber Fighters Pastebin page\r\nSource: https://en.wikipedia.org/wiki/Operation_Ababil\r\nhttps://en.wikipedia.org/wiki/Operation_Ababil\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://en.wikipedia.org/wiki/Operation_Ababil"
	],
	"report_names": [
		"Operation_Ababil"
	],
	"threat_actors": [
		{
			"id": "d90307b6-14a9-4d0b-9156-89e453d6eb13",
			"created_at": "2022-10-25T16:07:23.773944Z",
			"updated_at": "2026-04-10T02:00:04.746188Z",
			"deleted_at": null,
			"main_name": "Lead",
			"aliases": [
				"Casper",
				"TG-3279"
			],
			"source_name": "ETDA:Lead",
			"tools": [
				"Agentemis",
				"BleDoor",
				"Cobalt Strike",
				"CobaltStrike",
				"RbDoor",
				"RibDoor",
				"Winnti",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "bb08058c-a744-4129-aa80-10aa34ed8766",
			"created_at": "2022-10-25T16:07:24.474826Z",
			"updated_at": "2026-04-10T02:00:05.003307Z",
			"deleted_at": null,
			"main_name": "Cyber fighters of Izz Ad-Din Al Qassam",
			"aliases": [
				"Cyber fighters of Izz Ad-Din Al Qassam",
				"Fraternal Jackal",
				"QCF",
				"Qassam Cyber Fighters"
			],
			"source_name": "ETDA:Cyber fighters of Izz Ad-Din Al Qassam",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "d63af7da-1b27-4f7e-a006-e7398c38f436",
			"created_at": "2023-01-06T13:46:38.702633Z",
			"updated_at": "2026-04-10T02:00:03.073096Z",
			"deleted_at": null,
			"main_name": "Cyber fighters of Izz Ad-Din Al Qassam",
			"aliases": [
				"Fraternal Jackal"
			],
			"source_name": "MISPGALAXY:Cyber fighters of Izz Ad-Din Al Qassam",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434152,
	"ts_updated_at": 1775792034,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/48786c4345f56ad66b50edf46196ed6a9482e5a1.pdf",
		"text": "https://archive.orkl.eu/48786c4345f56ad66b50edf46196ed6a9482e5a1.txt",
		"img": "https://archive.orkl.eu/48786c4345f56ad66b50edf46196ed6a9482e5a1.jpg"
	}
}