Anonymous Sudan Threat Actor – 22 May 2023

Anonymous Sudan is a hacktivist group known for targeting many sectors across the world, such as government, banking, and medicine.

Anonymous Sudan is mostly involved in DDoS attacks, and rarely in other types of attacks, against major countries such as Sweden, Germany, France, and the United Arab Emirates.

Recently, the group publicly claimed responsibility for a DDoS attack on one of the biggest banks in the UAE. In posts on its Telegram channel it claims to have disrupted the bank’s website for approximately 2.5 hours.

Tactics and Techniques:

  • Compromise Infrastructure: Botnet:

During their operations, adversaries may compromise multiple third-party systems to build a botnet that can be used for their specific targeting purposes.

  • Exploit Public-Facing Applications:

The threat actor may exploit vulnerabilities in Internet-facing computers or programs, using software, data, or commands to trigger unintended or unanticipated behavior and thereby gain unauthorized access or cause disruption.

  • Defacement:

The threat actor may modify visual content available internally or externally to an enterprise network in order to deliver messages, intimidate, or claim credit for an intrusion.

  • Network Denial of Service:

Network Denial of Service (DoS) attacks are used by threat actors to block or degrade the availability of targeted resources. Network DoS can be performed by exhausting the network bandwidth that services rely on; websites, email services, DNS, and web-based applications are examples of such resources. Adversaries have been observed conducting network DoS attacks for political purposes and to support other malicious activities, including distraction, hacktivism, and extortion.

The list of IP addresses used by this APT for its attacks should be used by constituents in threat hunting activities to detect potential indicators of ongoing attacks. The updated list: ThreatMon-AnonymousSudan-IOC.

Mitigations
  • Implementing network and application-layer DDoS protection solutions to detect and mitigate DDoS attacks.
  • Conducting regular DDoS testing and vulnerability assessments.
  • Developing an incident response plan that includes procedures for handling DDoS attacks.
  • Monitoring network traffic and systems for signs of DDoS activity.
  • Collaborating with Internet service providers (ISPs) and hosting providers to establish DDoS mitigation strategies.
  • Ensuring the availability of critical services and minimizing the impact of DDoS attacks on payment processing systems.
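As an added illustration of the threat hunting recommended above and of the monitoring mitigation, the script below matches web server access log sources against an IOC list and flags sources whose request rate spikes within a short window, so that a bursting source not yet on the list is also surfaced. This is example code, not part of the original advisory or of the ThreatMon list; the IOC addresses and log lines are constructed placeholders from the RFC 5737 test ranges.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed placeholder indicators (RFC 5737 test addresses) standing in for the
# published ThreatMon-AnonymousSudan-IOC list, which is not reproduced here.
IOC_IPS = {"198.51.100.23", "203.0.113.77"}

# Constructed sample web server access log (combined format); one line is deliberately malformed.
SAMPLE_LOG = """\
198.51.100.23 - - [22/May/2023:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/7.88"
198.51.100.23 - - [22/May/2023:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/7.88"
198.51.100.23 - - [22/May/2023:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/7.88"
203.0.113.77 - - [22/May/2023:10:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "python-requests/2.31"
198.51.100.23 - - [22/May/2023:10:00:03 +0000] "GET / HTTP/1.1" 503 0 "-" "curl/7.88"
192.0.2.55 - - [22/May/2023:10:00:04 +0000] "GET /api HTTP/1.1" 200 128 "-" "Go-http-client/1.1"
192.0.2.55 - - [22/May/2023:10:00:04 +0000] "GET /api HTTP/1.1" 200 128 "-" "Go-http-client/1.1"
192.0.2.55 - - [22/May/2023:10:00:05 +0000] "GET /api HTTP/1.1" 200 128 "-" "Go-http-client/1.1"
192.0.2.55 - - [22/May/2023:10:00:05 +0000] "GET /api HTTP/1.1" 200 128 "-" "Go-http-client/1.1"
198.51.100.23 - - [22/May/2023:10:00:05 +0000] "GET / HTTP/1.1" 503 0 "-" "curl/7.88"
this line is not a valid access log entry
192.0.2.10 - - [22/May/2023:10:00:09 +0000] "GET /account HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')

def parse_line(line):
    """Return (ip, timestamp, request, status) for a combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["req"], int(m["status"])

def hunt(log_text, ioc_ips, window_s=10, threshold=4):
    """Count requests from listed IOC sources and flag any source with at least `threshold`
    requests inside one `window_s`-second bucket. Returns (ioc_hits, bursts, unlisted_bursts)."""
    ioc_hits = Counter()
    per_ip_buckets = defaultdict(Counter)  # ip -> window bucket -> request count
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed line: skip it rather than abort the whole hunt
        ip, ts, _, _ = parsed
        if ip in ioc_ips:
            ioc_hits[ip] += 1
        per_ip_buckets[ip][int(ts.timestamp()) // window_s] += 1
    bursts = {ip for ip, b in per_ip_buckets.items() if max(b.values()) >= threshold}
    return ioc_hits, bursts, bursts - set(ioc_ips)
```

On the constructed log, hunt(SAMPLE_LOG, IOC_IPS) reports five requests from the listed 198.51.100.23, one from 203.0.113.77, and a burst from 192.0.2.55, a source not on the list that would warrant review.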