Recorded Future has just released research demonstrating that, in the midst of the ongoing Yemeni civil war, local and international players are waging a secondary war through internet control and other cyber means. Recorded Future’s Insikt Group assesses that the dynamics of the Yemeni civil war are manifesting themselves online through a struggle over Yemeni access, use, and control of the internet. Recorded Future identified both censorship controls and traffic attempting to subvert those controls within Yemen, as well as spyware activity. The report is intended to establish a baseline of internet activity, use, and access in Yemen.
Key judgements of the research include:
· Since taking Yemen’s capital, Sana’a, in September 2014, the Houthi rebels have supervised the main ISP, YemenNet, as well as the same access controls and censorship tools previously used to disrupt, degrade, or monitor internet activity for the last three years.
· Recorded Future assesses with medium confidence that the Houthi rebels within Sana’a are taking advantage of YemenNet’s vast IP infrastructure to host Coinhive mining services to generate revenue.
· While official government sites hosted on YemenNet and the .ye domain space have been changed to reflect the Houthi government in Sana’a, rather than the Hadi government in Aden, Recorded Future has noted some vulnerabilities within YemenNet’s main name server and multiple servers that, until recently, hosted over 500 official .ye domains.
· The Hadi government, now in Aden instead of Sana’a, produced a new ISP, AdenNet, in June 2018. We believe this could lead to new internet resiliency within the country as internet subscriptions and mobile subscriptions continue to rise.
· A small percentage of internet users in Yemen are using VPNs, Tor, or routers with DNS recursion to circumvent government controls.
· Suspicious internet-related activity out of Yemen suggests low levels of adware and spyware, but information as to the actors behind it is inconclusive.
· Major international players, including the United States, Russia, and China, are using malware, military activity, political leverage, and investments to further their interests in the Saudi-Iranian regional conflict for hegemony within Yemen.
You can find the research here.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.