Cyber Security News

Researchers Detailed Credential Abuse Cycle

The United States Department of Justice has unsealed an indictment against Anonymous Sudan, a hacking group responsible for distributed denial-of-service attacks. 

LameDuck, a new threat actor, has carried out several massive distributed denial of service (DDoS) attacks to affect critical infrastructure, cloud providers, and various industries. 

The group leverages social media to amplify its impact and offers DDoS-for-hire services, blurring the lines between politically motivated attacks and financially driven cybercrime. 

A cyber actor executed a variety of attacks targeting diverse entities, potentially motivated by a desire for notoriety rather than ideological beliefs, by actively using social media to publicize their actions and influence public perception.

Build an in-house SOC or outsource SOC-as-a-Service -> Calculate Costs

It is a Sudanese hacktivist group with ties to Russian groups like Killnet that conducted DDoS attacks targeting critical infrastructure and government websites, motivated by religious extremism and geopolitical interests, raising questions about the extent of Russian influence and potential state-sponsored involvement. 

It maximizes the visibility and impact of its cyberattacks by strategically targeting high-profile entities across various sectors and regions, including government, critical infrastructure, law enforcement, media, and tech. 

It targeted various industries, likely due to ideological opposition or the potential for widespread disruption. The selection of targets was influenced by factors such as user base size and the ease of execution, aiming to maximize impact and notoriety.

It has also targeted organizations based on geopolitical tensions and religious sentiments, attacking entities related to the Sudanese conflict, the Kenyan government, and countries perceived as Islamophobic, including Sweden, Canada, and Germany.

LameDuck, a Sudanese hacking group, has been actively targeting Israeli, Ukrainian, and Western organizations, including Cloudflare, with DDoS attacks and cyberattacks motivated by pro-Israeli and pro-Russian sentiments, as well as geopolitical tensions in the Middle East and Eastern Europe.

It engaged in DDoS-for-hire services and extortion attacks targeting a wide range of victims, including major corporations and online platforms, demanding significant sums of money to cease their operations.

By utilizing a Distributed Cloud Attack Tool (DCAT), it launches over 35,000 DDoS attacks. The DCAT comprised a C2 server, cloud-based servers, and open proxy resolvers, allowing LameDuck to orchestrate large-scale, distributed attacks. 

And overwhelmed victim websites with HTTP GET floods, leveraging rented servers and public cloud infrastructure to generate traffic. They often targeted high-cost endpoints for maximum disruption.

LameDuck strategically timed attacks to coincide with high-demand periods and employed a blitz approach to overwhelm targets and saturated subdomains. They also used low-RPS attacks to evade detection and leveraged threats and propaganda to instill fear and uncertainty. 

Organizations should implement DDoS mitigation services, WAFs, rate limiting, CDN caching, and robust response processes to mitigate DDoS attacks, focusing on Layer 3, Layer 7, and DNS protection.

Run private, Real-time Malware Analysis in both Windows & Linux VMs. Get a 14-day free trial with ANY.RUN!

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Google Announces Vanir, A Open-Source Security Patch Validation Tool

Google has officially launched Vanir, an open-source security patch validation tool designed to streamline and automate…

14 hours ago

New Transaction-Relay Jamming Vulnerability Let Attackers Exploits Bitcoin Nodes

A newly disclosed transaction-relay jamming vulnerability has raised concerns about the security of Bitcoin nodes,…

15 hours ago

Raspberry Pi 500 & Monitor, Complete Desktop Setup at $190

Raspberry Pi, a pioneer in affordable and programmable computing, has once again elevated its game…

15 hours ago

Qlik Sense for Windows Vulnerability Allows Remote Code Execution

Qlik has identified critical vulnerabilities in its Qlik Sense Enterprise for Windows software that could…

17 hours ago

QNAP High Severity Vulnerabilities Let Remote attackers to Compromise System

QNAP Systems, Inc. has identified multiple high-severity vulnerabilities in its operating systems, potentially allowing attackers…

19 hours ago

Healthcare Security Strategies for 2025

Imagine this: It's a typical Tuesday morning in a bustling hospital. Doctors make their rounds,…

20 hours ago