Monday, December 23, 2024
HomeCyber CrimeResearchers Detailed Credential Abuse Cycle

Researchers Detailed Credential Abuse Cycle

Published on

SIEM as a Service

The United States Department of Justice has unsealed an indictment against Anonymous Sudan, a hacking group responsible for distributed denial-of-service attacks. 

LameDuck, a new threat actor, has carried out several massive distributed denial of service (DDoS) attacks to affect critical infrastructure, cloud providers, and various industries. 

The group leverages social media to amplify its impact and offers DDoS-for-hire services, blurring the lines between politically motivated attacks and financially driven cybercrime. 

- Advertisement - SIEM as a Service

A cyber actor executed a variety of attacks targeting diverse entities, potentially motivated by a desire for notoriety rather than ideological beliefs, by actively using social media to publicize their actions and influence public perception.

Build an in-house SOC or outsource SOC-as-a-Service -> Calculate Costs

It is a Sudanese hacktivist group with ties to Russian groups like Killnet that conducted DDoS attacks targeting critical infrastructure and government websites, motivated by religious extremism and geopolitical interests, raising questions about the extent of Russian influence and potential state-sponsored involvement. 

It maximizes the visibility and impact of its cyberattacks by strategically targeting high-profile entities across various sectors and regions, including government, critical infrastructure, law enforcement, media, and tech. 

It targeted various industries, likely due to ideological opposition or the potential for widespread disruption. The selection of targets was influenced by factors such as user base size and the ease of execution, aiming to maximize impact and notoriety.

It has also targeted organizations based on geopolitical tensions and religious sentiments, attacking entities related to the Sudanese conflict, the Kenyan government, and countries perceived as Islamophobic, including Sweden, Canada, and Germany.

LameDuck, a Sudanese hacking group, has been actively targeting Israeli, Ukrainian, and Western organizations, including Cloudflare, with DDoS attacks and cyberattacks motivated by pro-Israeli and pro-Russian sentiments, as well as geopolitical tensions in the Middle East and Eastern Europe.

It engaged in DDoS-for-hire services and extortion attacks targeting a wide range of victims, including major corporations and online platforms, demanding significant sums of money to cease their operations.

By utilizing a Distributed Cloud Attack Tool (DCAT), it launches over 35,000 DDoS attacks. The DCAT comprised a C2 server, cloud-based servers, and open proxy resolvers, allowing LameDuck to orchestrate large-scale, distributed attacks. 

And overwhelmed victim websites with HTTP GET floods, leveraging rented servers and public cloud infrastructure to generate traffic. They often targeted high-cost endpoints for maximum disruption.

LameDuck strategically timed attacks to coincide with high-demand periods and employed a blitz approach to overwhelm targets and saturated subdomains. They also used low-RPS attacks to evade detection and leveraged threats and propaganda to instill fear and uncertainty. 

Organizations should implement DDoS mitigation services, WAFs, rate limiting, CDN caching, and robust response processes to mitigate DDoS attacks, focusing on Layer 3, Layer 7, and DNS protection.

Run private, Real-time Malware Analysis in both Windows & Linux VMs. Get a 14-day free trial with ANY.RUN!

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer...

BellaCiao, A new .NET Malware With Advanced Sophisticated Techniques

An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the...

Malicious Apps On Amazon Appstore Records Screen And Interecpt OTP Verifications

A seemingly benign health app, "BMI CalculationVsn," was found on the Amazon App Store,...

Lazarus Hackers Using New VNC Based Malware To Attack Organizations Worldwide

The Lazarus Group has recently employed a sophisticated attack, dubbed "Operation DreamJob," to target...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer...

BellaCiao, A new .NET Malware With Advanced Sophisticated Techniques

An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the...

Malicious Apps On Amazon Appstore Records Screen And Interecpt OTP Verifications

A seemingly benign health app, "BMI CalculationVsn," was found on the Amazon App Store,...