DISARMframeworks/generated_pages/incidents/I00066.md

# Incident I00066: The online war between Qatar and Saudi Arabia

* **Summary:** <I>“In the early hours of 24 May 2017, a news story appeared on the website of Qatar's official news agency, QNA, reporting that the country's emir, Sheikh Tamim bin Hamad al-Thani, had made an astonishing speech.<br><br> […]<br><br> “Qatar claimed that the QNA had been hacked. And they said the hack was designed to deliberately spread fake news about the country's leader and its foreign policies. The Qataris specifically blamed UAE, an allegation later repeated by a Washington Post report which cited US intelligence sources. The UAE categorically denied those reports.<br><br> “But the story of the emir's speech unleashed a media free-for-all. Within minutes, Saudi and UAE-owned TV networks - Al Arabiya and Sky News Arabia - picked up on the comments attributed to al-Thani. Both networks accused Qatar of funding extremist groups and of destabilising the region.”</i><br><br> This incident demonstrates how a hack of a mainstream news agency website allowed for an inauthentic narrative to be given a level of credibility which caused significant political fallout.

* **incident type**: incident

* **Year started:** 2017.0

* **Countries:**  , Qatar

* **Found via:** 

* **Date added:** 2024-03-12


| Reference | Pub Date | Authors | Org | Archive |
| --------- | -------- | ------- | --- | ------- |
| [https://www.bbc.co.uk/news/blogs-trending-44294826](https://www.bbc.co.uk/news/blogs-trending-44294826) | 2018/06/03 | Owen Pinnell | BBC News | [https://web.archive.org/web/20180605001510/https://www.bbc.com/news/blogs-trending-44294826](https://web.archive.org/web/20180605001510/https://www.bbc.com/news/blogs-trending-44294826) |

 
| Technique | Description given for this incident |
| --------- | ------------------------- |
| [T0150.005 Compromised Asset](../../generated_pages/techniques/T0150.005.md) | IT00000216 _"In the early hours of 24 May 2017, a news story appeared on the website of Qatar's official news agency, QNA, reporting that the country's emir, Sheikh Tamim bin Hamad al-Thani, had made an astonishing speech."_ <br /> <br />_"[…]_ <br /> <br />_"Qatar claimed that the QNA had been hacked. And they said the hack was designed to deliberately spread fake news about the country's leader and its foreign policies. The Qataris specifically blamed UAE, an allegation later repeated by a Washington Post report which cited US intelligence sources. The UAE categorically denied those reports._ <br /> <br />_"But the story of the emir's speech unleashed a media free-for-all. Within minutes, Saudi and UAE-owned TV networks - Al Arabiya and Sky News Arabia - picked up on the comments attributed to al-Thani. Both networks accused Qatar of funding extremist groups and of destabilising the region."_ <br /> <br />This incident demonstrates how threat actors used a compromised website to allow for an inauthentic narrative to be given a level of credibility which caused significant political fallout (T0097.202: News Outlet Persona, T0143.003: Impersonated Persona, T0152.004: Website Asset, T0150.005: Compromised Asset). |


DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
New Version 1.4 of Red Framework: Some of the Requests from EEAS and VIGINUM 2024-03-13 15:07:55 -04:00			`# Incident I00066: The online war between Qatar and Saudi Arabia`

New Version 1.5 of Red Framerwork: map Disguising Assets from Meta Kill Chain 2024-07-23 04:58:02 -04:00			* Summary: <I>“In the early hours of 24 May 2017, a news story appeared on the website of Qatar's official news agency, QNA, reporting that the country's emir, Sheikh Tamim bin Hamad al-Thani, had made an astonishing speech.<br><br> […]<br><br> “Qatar claimed that the QNA had been hacked. And they said the hack was designed to deliberately spread fake news about the country's leader and its foreign policies. The Qataris specifically blamed UAE, an allegation later repeated by a Washington Post report which cited US intelligence sources. The UAE categorically denied those reports.<br><br> “But the story of the emir's speech unleashed a media free-for-all. Within minutes, Saudi and UAE-owned TV networks - Al Arabiya and Sky News Arabia - picked up on the comments attributed to al-Thani. Both networks accused Qatar of funding extremist groups and of destabilising the region.”</i><br><br> This incident demonstrates how a hack of a mainstream news agency website allowed for an inauthentic narrative to be given a level of credibility which caused significant political fallout.
New Version 1.4 of Red Framework: Some of the Requests from EEAS and VIGINUM 2024-03-13 15:07:55 -04:00
			`* incident type: incident`

New Version 1.5 of Red Framerwork: map Disguising Assets from Meta Kill Chain 2024-07-23 04:58:02 -04:00			`* Year started: 2017.0`
New Version 1.4 of Red Framework: Some of the Requests from EEAS and VIGINUM 2024-03-13 15:07:55 -04:00
			`* Countries: , Qatar`

			`* Found via:`

			`* Date added: 2024-03-12`
Added URLs to incident pages 2024-05-18 18:19:30 -04:00

New Version 1.5 of Red Framerwork: map Disguising Assets from Meta Kill Chain 2024-07-23 04:58:02 -04:00			`\| Reference \| Pub Date \| Authors \| Org \| Archive \|`
			`\| --------- \| -------- \| ------- \| --- \| ------- \|`
			`\| [https://www.bbc.co.uk/news/blogs-trending-44294826](https://www.bbc.co.uk/news/blogs-trending-44294826) \| 2018/06/03 \| Owen Pinnell \| BBC News \| [https://web.archive.org/web/20180605001510/https://www.bbc.com/news/blogs-trending-44294826](https://web.archive.org/web/20180605001510/https://www.bbc.com/news/blogs-trending-44294826) \|`
Added URLs to incident pages 2024-05-18 18:19:30 -04:00
New Version 1.4 of Red Framework: Some of the Requests from EEAS and VIGINUM 2024-03-13 15:07:55 -04:00

			`\| Technique \| Description given for this incident \|`
			`\| --------- \| ------------------------- \|`
Corrected columns for urls sheet, added back asset into technique names, and tidied up mapping of existing incidents to amended techniques 2024-11-21 11:50:30 -05:00			\| [T0150.005 Compromised Asset](../../generated_pages/techniques/T0150.005.md) \| IT00000216 _"In the early hours of 24 May 2017, a news story appeared on the website of Qatar's official news agency, QNA, reporting that the country's emir, Sheikh Tamim bin Hamad al-Thani, had made an astonishing speech."_ <br /> <br />_"[…]_ <br /> <br />_"Qatar claimed that the QNA had been hacked. And they said the hack was designed to deliberately spread fake news about the country's leader and its foreign policies. The Qataris specifically blamed UAE, an allegation later repeated by a Washington Post report which cited US intelligence sources. The UAE categorically denied those reports._ <br /> <br />_"But the story of the emir's speech unleashed a media free-for-all. Within minutes, Saudi and UAE-owned TV networks - Al Arabiya and Sky News Arabia - picked up on the comments attributed to al-Thani. Both networks accused Qatar of funding extremist groups and of destabilising the region."_ <br /> <br />This incident demonstrates how threat actors used a compromised website to allow for an inauthentic narrative to be given a level of credibility which caused significant political fallout (T0097.202: News Outlet Persona, T0143.003: Impersonated Persona, T0152.004: Website Asset, T0150.005: Compromised Asset). \|
New Version 1.4 of Red Framework: Some of the Requests from EEAS and VIGINUM 2024-03-13 15:07:55 -04:00

			`DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW`