The Islamic State (ISIS) has been successfully using social media and the internet to recruit new members to the terrorist organization, and earlier this month ISIS announced the consolidation of four separate pro-ISIS “cyber” teams into a single group, the United Cyber Caliphate.

All of this would suggest ISIS has a fairly sophisticated operation in cyber warfare, however, a new report from deep and dark web data and intelligence researchers Flashpoint suggest ISIS is “poorly organized” and “underfunded.”

That doesn’t mean ISIS hackers are of no concern. Flashpoint’s report — Hacking for ISIS: The Emergent Cyber Threat Landscape — acknowledges that the Cyber Caliphate is of great concern, but despite its formation, ISIS continues to execute attacks the researchers call “novice-level.”

These “attacks of opportunity” have largely been carried out against government, banking, and media targets. They tend to not exhibit sophisticated methods of hacking and instead exploit vulnerabilities in websites owned by small businesses.

The U.S. central command page was hacked by ISIS in 2015. 

Like the very act of terrorism itself, one of the main objectives of these attacks is to spread propaganda. The report finds that targets are in part chosen such that they’ll gain the most media coverage and notoriety amongst the public, even when they’re not all that effective.

Barack Obama earlier this month made his administration’s secret cyber attacks on ISIS more public, saying they are dropping cyber bombs on the terrorist organization. This likely means attacking financial institutions and other transfers of money to slow ISIS’s progress.

Flashpoint notes that while ISIS hackers are currently operating at novice level, there are a number of dark and deep web sites that are used as training grounds for hackers, both beginners and advanced techniques.

The Cyber Caliphate could gain in strength down the line, but this report is showing that those efforts have been minimal and ineffective to date.