Anonymous Sudan Claims Successful Takedown of First Abu Dhabi Bank Website & Application Via DDoS Attacks
CloudSEK’s contextual AI digital risk platform XVigil discovered the threat actor group Anonymous Sudan claiming responsibility for disrupting the services of the First Abu Dhabi Bank website and application.
Updated on May 29, 2023
Published on May 29, 2023
On 21 May 2023, CloudSEK’s contextual AI digital risk platform XVigil discovered the threat actor group Anonymous Sudan claiming responsibility for disrupting the services of the First Abu Dhabi Bank website and application. The attack was conducted in the context of the UAE’s geopolitical stance and its support for the Rapid Support Forces. Additionally, discussions in the group suggest that such DDoS attacks will continue and escalate in the UAE.
Snapshot from the Group’s Telegram Channel
Affected Entities
The threat actor group, Anonymous Sudan, shared a screenshot of the First Abu Dhabi Bank (FAB) application under system maintenance, claiming responsibility for taking down both the FAB website and application.
FAB Website targeted with DDoS
First Abu Dhabi Bank: https://bankfab.com/en-ae/personal
The group has used three main attack vectors so far. Of the three, DDoS attacks are the predominant one. The attack vectors are:
The hacktivist group modifies websites and adds images and videos of their cause, with names and account IDs, which violates the integrity of the webpage and the domain.
2. DDoS Attacks (Network Denial of Service (T1498.001: Direct Network Flood, T1498.002: Reflection Amplification)):
The hacktivist group conducts DDoS attacks to disrupt or shut down the online operations of the targeted organizations, causing inconvenience or damage to their operations.
The DDoS attack method has been the group's most employed attack vector.
IOCs for the DDoS attacks are attached in the IOC section below.
In some observed instances, the group has been found to compromise the accounts of users of the targeted entities. This is likely accomplished through credential stuffing, which relies on compromised data that is openly available from various sources on dark web forums and Telegram channels.
This technique involves the automated injection of previously breached username and password combinations into login pages in order to gain unauthorized access to the accounts of the organization's users.
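Credential stuffing as described above leaves a recognisable trace in authentication logs: one source trying many distinct accounts, mostly failing, in a short period. The following is an added detection example, not part of CloudSEK's report; the log format, thresholds and sample lines are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log: "<ISO time> <source IP> <username> <OK|FAIL>"
SAMPLE_LOG = """
2023-05-21T10:00:01 203.0.113.7 alice FAIL
2023-05-21T10:00:02 203.0.113.7 bob FAIL
2023-05-21T10:00:03 203.0.113.7 carol FAIL
2023-05-21T10:00:04 203.0.113.7 dave FAIL
2023-05-21T10:00:05 203.0.113.7 erin FAIL
2023-05-21T10:00:06 203.0.113.7 frank OK
2023-05-21T10:01:00 198.51.100.20 bob FAIL
2023-05-21T10:01:20 198.51.100.20 bob OK
2023-05-21T10:02:00 192.0.2.50 admin FAIL
2023-05-21T10:02:01 192.0.2.50 admin FAIL
2023-05-21T10:02:02 192.0.2.50 admin FAIL
2023-05-21T10:02:03 192.0.2.50 admin FAIL
2023-05-21T10:02:04 192.0.2.50 admin FAIL
"""

WINDOW = timedelta(minutes=5)   # assumed thresholds; tune to real traffic
MIN_DISTINCT_USERS = 5
MIN_FAIL_RATIO = 0.8

def detect_stuffing(log_text):
    """Flag source IPs that try many distinct accounts, mostly failing, inside
    one sliding window. Returns {ip: {"users": n, "fail_ratio": r, "hits": [...]}}."""
    windows = defaultdict(deque)          # ip -> recent (time, user, ok) events
    flagged = {}
    for line in filter(str.strip, log_text.splitlines()):  # skip blank lines
        ts, ip, user, result = line.split()
        ts, ok = datetime.fromisoformat(ts), result == "OK"
        win = windows[ip]
        win.append((ts, user, ok))
        while ts - win[0][0] > WINDOW:    # drop events older than the window
            win.popleft()
        users = {u for _, u, _ in win}
        fail_ratio = sum(not o for _, _, o in win) / len(win)
        if len(users) >= MIN_DISTINCT_USERS and fail_ratio >= MIN_FAIL_RATIO:
            entry = flagged.setdefault(ip, {"users": 0, "fail_ratio": 0.0, "hits": []})
            entry["users"] = max(entry["users"], len(users))
            entry["fail_ratio"] = round(fail_ratio, 2)
        if ok and ip in flagged and user not in flagged[ip]["hits"]:
            # a success from an already-flagged source is a likely account takeover
            flagged[ip]["hits"].append(user)
    return flagged

if __name__ == "__main__":
    print(detect_stuffing(SAMPLE_LOG))
```

Only the first source is flagged: a single user retrying a password and repeated failures against one account both stay below the distinct-account threshold. Accounts listed under "hits" are candidates for a forced password reset and session revocation.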
Information on the Group
The group “Anonymous Sudan” has been observed to conduct DDoS attacks and breach multiple public and government organizations since January 2023.
They identify themselves as Sudanese hacktivists with political motivations.
The group has been seen actively participating in attacks initiated by Killnet, as it claims to be a part of Killnet.
Multiple large and famous Russian hacktivists were observed promoting Anonymous Sudan in their private and public Telegram channels.
A representative from Anonymous stated that Anonymous Sudan is not Anonymous and that there is no connection between them.
According to a source, Anonymous Sudan uses a cluster of 61 paid servers hosted in Germany to generate the traffic volume required for a DDoS attack.
Threat Actor Activity and Rating
Threat Actor Profiling
Active since: January 18, 2023
Hashtags: #AnonymousSudan #Infinity Hackers Group #KILLNET #ANONYMOUS RUSSIA #FuckNato #OpSweden #OpSudan
Geolocation: Claimed to be from Sudan but Telegram registration denotes Russia.