Qatar News Agency hack
Attackers planted malware on Qatar's state news agency in April 2017 and exploited it on 24 May to publish fabricated quotes attributed to the Emir, providing the pretext used by Saudi Arabia, the UAE, Bahrain, and Egypt to launch a blockade of Qatar.
- Victim
- Qatar News Agency (QNA)
In the early hours of 24 May 2017, the website and Twitter account of the Qatar News Agency (QNA) β the Gulf state's official news outlet β published fabricated quotes attributed to Emir Sheikh Tamim bin Hamad Al Thani. Within days, the fake statements became the stated pretext for a diplomatic and economic blockade of Qatar by four neighbouring states, making this one of the most geopolitically consequential cyberattacks in history.
What happened
According to Qatar's Ministry of Interior investigation, attackers had quietly breached the QNA network as early as April 2017, using VPN software to gain access and installing malware that gave them control over the agency's publishing systems. The intrusion lay dormant for weeks.
At 00:13 on 24 May 2017, the attackers triggered their payload, publishing a fabricated report claiming the Emir had praised Iran, described Hamas and Hezbollah as legitimate resistance movements, and questioned Qatar's relations with the United States. A parallel fake post, attributed to the foreign minister, claimed Qatar was withdrawing ambassadors from several countries.
The fallout
Although Qatar declared QNA hacked and the statements false within hours, the fabricated quotes had already been amplified across regional broadcasters and social media. On 5 June 2017, Saudi Arabia, the United Arab Emirates, Bahrain, and Egypt cut all diplomatic and trade ties with Qatar, closing borders and airspace. The blockade lasted more than three years, only formally ending in January 2021.
Attribution
Qatar requested assistance from the U.S. Federal Bureau of Investigation. In July 2017, the Ministry of Interior announced that the IP traces of the operation originated from the UAE and that the sophistication pointed to "state resources." The Washington Post separately reported that U.S. intelligence had intercepted communications indicating senior UAE officials discussed the planned operation on 23 May, the day before it ran. The UAE consistently denied any involvement.
Why it matters
The QNA hack demonstrated that a technically modest intrusion β investigators noted the agency's security was so weak "anyone could have been in there" β could be weaponised into a strategic information operation with regional consequences far exceeding any data theft. It became a defining case study in state-sponsored disinformation, showing how compromising a single trusted media source can manufacture a casus belli and reshape international relations.
Timeline
Attackers gain access to the QNA network using VPN software and install malware that will later be used to publish content.
U.S. intelligence later reports that senior UAE officials discussed the planned operation the day before it was executed.
At 00:13, fabricated quotes attributed to Emir Sheikh Tamim bin Hamad Al Thani are published on QNA's website and Twitter feed.
Qatar declares the agency hacked and the statements false; the fabricated content has already circulated across regional media.
Saudi Arabia, the UAE, Bahrain, and Egypt sever diplomatic and trade ties with Qatar, beginning a blockade lasting more than three years.
Qatar's Ministry of Interior announces the attack's IP traces originated from the UAE; the UAE denies involvement.
Sources
- aljazeera.comhttps://www.aljazeera.com/news/2017/6/7/qatar-reveals-preliminary-results-of-qna-hacking-probe
- aljazeera.comhttps://www.aljazeera.com/news/2017/7/20/qatar-says-cyberattack-originated-from-the-uae
- gco.gov.qahttps://www.gco.gov.qa/en/media-centre/top-news/qatar-marks-one-year-since-qna-hack/
- vice.comhttps://www.vice.com/en/article/the-hack-that-caused-a-crisis-in-the-middle-east-was-easy/