article featured image


A threat actor group going by the name of Justice Blade began publishing data stolen from Smart Link BPO Solutions, an outsourcing IT vendor working with organizations and government agencies in the Kingdom of Saudi Arabia and other countries in the GCC.

The hackers claim to have stolen a significant volume of data, including contracts, personal information and account credentials, as well as email communications. They also set up a Telegram account with a private communications channel and released screenshots of active RDP sessions and Office 365 communications between various companies from within the region, and several lists of users related to FlyNas airlines company and SAMACares which is managed by Saudi Arabia Central Bank.


According to the American cybersecurity company, Resecurity Inc., this data breach is one of the first cyberattacks with a significant impact in the region, due to the overlap between the private and the government sector.

The leaked communications between company staff hint to the fact that the compromised account belonging to an employee was used to conduct the attack. Further, Metasploit was allegedly detected by the IT company, which was likely deployed post-compromise.

The Reason Behind the Attack

At the time of this being written, there haven`t been any demands for ransom, meaning the attack might not be financially motivated. However, the Justice Blade group appears to be ideologically motivated, and Smart Link BPO Solutions is a business unit of Al Khaleej Training and Education Group, which in 2012 was Listed in Forbes Middle East 2012 as one of the topmost powerful 100 companies in the GCC region.

Another possibility is that the incident might be related to the growing tensions between Iran and Saudi Arabia. As reported by the Associated Press, Saudi Arabia shared intelligence with US officials which suggests Iran could be preparing for an imminent attack on the Kingdom.

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Author Profile

Mihaela Popa


Mihaela is a digital content creator for Heimdal® and the proud owner of an old soul and a curious mind. Passionate to learn and discover more about cybersecurity, she will gladly share her latest finds with you.