Wednesday, November 6, 2024
HomeCyber CrimeResearchers Detailed Credential Abuse Cycle

Researchers Detailed Credential Abuse Cycle

Published on

Malware protection

The United States Department of Justice has unsealed an indictment against Anonymous Sudan, a hacking group responsible for distributed denial-of-service attacks. 

LameDuck, a new threat actor, has carried out several massive distributed denial of service (DDoS) attacks to affect critical infrastructure, cloud providers, and various industries. 

The group leverages social media to amplify its impact and offers DDoS-for-hire services, blurring the lines between politically motivated attacks and financially driven cybercrime. 

- Advertisement - SIEM as a Service

A cyber actor executed a variety of attacks targeting diverse entities, potentially motivated by a desire for notoriety rather than ideological beliefs, by actively using social media to publicize their actions and influence public perception.

Build an in-house SOC or outsource SOC-as-a-Service -> Calculate Costs

It is a Sudanese hacktivist group with ties to Russian groups like Killnet that conducted DDoS attacks targeting critical infrastructure and government websites, motivated by religious extremism and geopolitical interests, raising questions about the extent of Russian influence and potential state-sponsored involvement. 

It maximizes the visibility and impact of its cyberattacks by strategically targeting high-profile entities across various sectors and regions, including government, critical infrastructure, law enforcement, media, and tech. 

It targeted various industries, likely due to ideological opposition or the potential for widespread disruption. The selection of targets was influenced by factors such as user base size and the ease of execution, aiming to maximize impact and notoriety.

It has also targeted organizations based on geopolitical tensions and religious sentiments, attacking entities related to the Sudanese conflict, the Kenyan government, and countries perceived as Islamophobic, including Sweden, Canada, and Germany.

LameDuck, a Sudanese hacking group, has been actively targeting Israeli, Ukrainian, and Western organizations, including Cloudflare, with DDoS attacks and cyberattacks motivated by pro-Israeli and pro-Russian sentiments, as well as geopolitical tensions in the Middle East and Eastern Europe.

It engaged in DDoS-for-hire services and extortion attacks targeting a wide range of victims, including major corporations and online platforms, demanding significant sums of money to cease their operations.

By utilizing a Distributed Cloud Attack Tool (DCAT), it launches over 35,000 DDoS attacks. The DCAT comprised a C2 server, cloud-based servers, and open proxy resolvers, allowing LameDuck to orchestrate large-scale, distributed attacks. 

And overwhelmed victim websites with HTTP GET floods, leveraging rented servers and public cloud infrastructure to generate traffic. They often targeted high-cost endpoints for maximum disruption.

LameDuck strategically timed attacks to coincide with high-demand periods and employed a blitz approach to overwhelm targets and saturated subdomains. They also used low-RPS attacks to evade detection and leveraged threats and propaganda to instill fear and uncertainty. 

Organizations should implement DDoS mitigation services, WAFs, rate limiting, CDN caching, and robust response processes to mitigate DDoS attacks, focusing on Layer 3, Layer 7, and DNS protection.

Run private, Real-time Malware Analysis in both Windows & Linux VMs. Get a 14-day free trial with ANY.RUN!

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Rise Of Ransomware-As-A-Service Leads To Decline Of Custom Tools

Ransomware-as-a-Service (RaaS) platforms have revolutionized the ransomware market.Unlike traditional standalone ransomware sales, RaaS...

North Korean Hackers Employing New Tactic To Acruire Remote Jobs

North Korean threat actors behind the Contagious Interview and WageMole campaigns have refined their...

CRON#TRAP Campaign Attacks Windows Machine With Weaponized Linux Virtual Machine

Weaponized Linux virtual machines are used for offensive cybersecurity purposes, such as "penetration testing"...

HookBot Malware Use Overlay Attacks Impersonate As Popular Brands To Steal Data

The HookBot malware family employs overlay attacks to trick users into revealing sensitive information...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Rise Of Ransomware-As-A-Service Leads To Decline Of Custom Tools

Ransomware-as-a-Service (RaaS) platforms have revolutionized the ransomware market.Unlike traditional standalone ransomware sales, RaaS...

North Korean Hackers Employing New Tactic To Acruire Remote Jobs

North Korean threat actors behind the Contagious Interview and WageMole campaigns have refined their...

CRON#TRAP Campaign Attacks Windows Machine With Weaponized Linux Virtual Machine

Weaponized Linux virtual machines are used for offensive cybersecurity purposes, such as "penetration testing"...