This post is also available in: heעברית (Hebrew)

The so-called Cyber Caliphate, the supposed cyber army of jihadist organization ISIS, has featured prominently in the news in recent years with a string of high profile attacks on significant targets. The Cyber Caliphate defaced US government websites, hacked into Department of Defence databases and released personal information of 1,400 US military affiliates, hijacked several feeds belonging to French TV channel TV5Monde and defacing its websites with the tagline “Je suis ISIS,” and more, much more.

As the Cyber Caliphate threat grew, western intelligence agencies took note and devoted significant resources to exposing and fighting the organisation. These efforts increased with the recent announcement that the various ISIS hackers were merging under a new umbrella organisation, the United Cyber Caliphate, which could constitute a major threat online.

In late February, the Pentagon announced the beginning of a full-scale cyber-war against ISIS, including activity by the US Cyber Command and a drone strike which killed Junaid Hussain, British jihadist of Pakistani origin who was the Caliphate’s best-known hacker.

However, not all is at it seems in the land of jihadi cyber warfare. Following the TV5Monde attack, French intelligence services scrutinised the group’s activity and concluded that the hackers involved had, in fact, no ties to ISIS, but a rather better established organisation famous for its deceptive spying practices. French investigators traced the attacks back to Moscow, and in particular APT 28, a group well-known as the Kremlin’s secret cyber-arm.

Similar conclusions were reached following analysis in other countries, too. The US State Department said in a mid-2015 report that although the “Cyber Caliphate declares to support [ISIS], there are no indications—technical or otherwise—that the groups are tied.” According to Der Spiegel, German intelligence also believes the Cyber Caliphate to be a Russian false-flag operation, part of Moscow’s 4,000-strong hacking staff.

To those versed in the practices of the clandestine world of spies, none of this should come as a surprise. The Kremlin has had over 100 years to perfect its false-flag practices, with the only innovation being that these sort of operations now take place in the cyber-world. For Moscow, this is just another tool in their arsenal, but it does indicate that ISIS is not nearly as formidable as it once seemed.