Researchers Detailed Credential Abuse Cycle

The United States Department of Justice has unsealed an indictment against Anonymous Sudan, a hacking group responsible for distributed denial-of-service attacks. 

LameDuck, a new threat actor, has carried out several massive distributed denial of service (DDoS) attacks to affect critical infrastructure, cloud providers, and various industries. 

The group leverages social media to amplify its impact and offers DDoS-for-hire services, blurring the lines between politically motivated attacks and financially driven cybercrime. 

A cyber actor executed a variety of attacks targeting diverse entities, potentially motivated by a desire for notoriety rather than ideological beliefs, by actively using social media to publicize their actions and influence public perception.

Build an in-house SOC or outsource SOC-as-a-Service -> Calculate Costs

It is a Sudanese hacktivist group with ties to Russian groups like Killnet that conducted DDoS attacks targeting critical infrastructure and government websites, motivated by religious extremism and geopolitical interests, raising questions about the extent of Russian influence and potential state-sponsored involvement. 

It maximizes the visibility and impact of its cyberattacks by strategically targeting high-profile entities across various sectors and regions, including government, critical infrastructure, law enforcement, media, and tech. 

It targeted various industries, likely due to ideological opposition or the potential for widespread disruption. The selection of targets was influenced by factors such as user base size and the ease of execution, aiming to maximize impact and notoriety.

It has also targeted organizations based on geopolitical tensions and religious sentiments, attacking entities related to the Sudanese conflict, the Kenyan government, and countries perceived as Islamophobic, including Sweden, Canada, and Germany.

LameDuck, a Sudanese hacking group, has been actively targeting Israeli, Ukrainian, and Western organizations, including Cloudflare, with DDoS attacks and cyberattacks motivated by pro-Israeli and pro-Russian sentiments, as well as geopolitical tensions in the Middle East and Eastern Europe.

It engaged in DDoS-for-hire services and extortion attacks targeting a wide range of victims, including major corporations and online platforms, demanding significant sums of money to cease their operations.

By utilizing a Distributed Cloud Attack Tool (DCAT), it launches over 35,000 DDoS attacks. The DCAT comprised a C2 server, cloud-based servers, and open proxy resolvers, allowing LameDuck to orchestrate large-scale, distributed attacks. 

And overwhelmed victim websites with HTTP GET floods, leveraging rented servers and public cloud infrastructure to generate traffic. They often targeted high-cost endpoints for maximum disruption.

LameDuck strategically timed attacks to coincide with high-demand periods and employed a blitz approach to overwhelm targets and saturated subdomains. They also used low-RPS attacks to evade detection and leveraged threats and propaganda to instill fear and uncertainty. 

Organizations should implement DDoS mitigation services, WAFs, rate limiting, CDN caching, and robust response processes to mitigate DDoS attacks, focusing on Layer 3, Layer 7, and DNS protection.

Run private, Real-time Malware Analysis in both Windows & Linux VMs. Get a 14-day free trial with ANY.RUN!