Hacker group Anonymous Sudan made good on its threat to target Indian organizations. After a DDoS attack on the Cochin International Airport’s (CIAL) website over the weekend, the threat group has listed six new targets.
The latest list includes India’s prestigious medical Institution, AIIMS and the largest public sector bank, the State Bank of India (SBI), among other organizations.
The hacker group claimed that the DDoS attack on Indian airports, including CIAL, was “because of what they are doing to Muslims”. However, The Cyber Express took a closer look and revealed a different picture.
Anonymous Sudan and the latest Indian targets
If Anonymous Sudan acts on the latest threat list, the ripple effect will be felt all over the Indian economy.
The State Bank of India is one of the largest employers in the world, with 245,652 employees as on March 2021.
The public sector bank is the largest bank in India, with a 23% market share by assets and a 25% share of the total loan and deposits market. It is the 49th largest bank in the world by total assets.
All India Institute of Medical Sciences, New Delhi (AIIMS Delhi) is a public medical research university and hospital in New Delhi, India. It was in the cybersecurity news after a ransomware attack in December 2022.
The Indian Railway Catering and Tourism Corporation (IRCTC), the public sector undertaking that provides ticketing, catering, and tourism services for the Indian Railways, holds the details of literally anyone who reserved a train ticket.
The firm faced consecutive data breaches recently, putting its cybersecurity posture in question.
The threat group’s Telegram channel listed major Indian airports including CIAL on 8 April as their prospective victims.
The DDoS attack on CIAL happened soon. The attack was discovered by the airport’s IT team, who noticed unusual activity on the website.
The team immediately took steps to contain the attack and ensure that no sensitive information was compromised, reported Indian daily The Hindu.
The CIAL IT team has advised all users of the website to be vigilant and to report any suspicious activity immediately.
They have also assured passengers that the airport’s operations have not been affected by the attack, and that flights are operating as normal, the report added.
Anonymous Sudan, India, and hidden links
An hour after the post targeting Indian airports, Anonymous Sudan claimed that it hit Indian ecommerce majors Snapdeal, Tata Cliq, and Flipkart.
“3 Indian e-commerce companies have been hacked and some data will be leaked for proof,” said the post, followed by another with Word documents of sample data. The Cyber Express is yet to verify the authenticity of the sample data.
Interestingly, an unknown group that calls itself GoneTeam, has claimed of launching a counter attack. Instead of hitting the Anonymous Sudan servers or tracing its promoters, the group chose the Sea Ports Corporation, Sudan, as its target.
Apart from the choice of a totally unrelated target, what strikes odd is that the threat note was written in Esperanto, an artificial language popular only among a few academics and linguists scattered across the world.
“Infrastructure: India Airports has been down Because Of What They Are Doing To Muslims,” read the declaration on the Telegram channel post on 8 April.
However, cybersecurity researchers have found that the group’s pro-Muslim claim is a front for covert operations that align with Russian interests.
Take the case of Sweden, a country on which Anonymous Sudan unleashed a chain of attacks in the recent weeks.
The attacks were claimed to be in retaliation for a vitriolic Islamophobic campaign on January 25, 2023, organized by controversial far-right journalist Rasmus Paludan, a dual Danish-Swedish national with a history of carrying out similar acts.
According to reports in Swedish media, the demonstration permit for Paludan was financed by Chang Frick, a former contributor to the Kremlin-supported channel RT.
The apparent motive was blocking Sweden’s impending entry into NATO, which was against the Russian interests in the region, reported The Guardian.
As if on cue, Anonymous Sudan jumped in with its Islam protection rhetoric. NATO member Turkey was livid, increasing the possibility that the country would veto Sweden’s entry.
However, the plans of the perpetrators did not work out. Sweden eventually got Turkey’s nod.
Killnet, Russia, and Anonymous Sudan
Anonymous Sudan has been consistently targeting Israel and India, who have been friendly with Russia recently, which obfuscates attempts to find the threat group’s real intentions and any pattern in their attacks.
The threat group has been launching DDoS attacks on Swedish, Dutch, Australian, and German firms, claiming to be in retaliation for anti-Muslim activities there, but a deeper look found some hidden ties, researchers said.
An investigation by the Trustwave SpiderLabs research team revealed that Anonymous Sudan is likely a sub-group of Killnet, a Pro-Russian threat actor group with whom they have publicly identified.
“SpiderLabs cannot confirm that the group is based in Sudan, nor if any of its members are from that nation, but based on the evidence available, it seems quite likely that Anonymous Sudan is a Killnet project, possibly including some Eastern European members,” the report said.
Anonymous Sudan too has been vocal in its support for Killnet recently, diverting from the image of an independent operations.
“Sudanese Hackers support Russian Hackers for their support of Sudan earlier,” the group said in its latest Telegram post, targeting NATO facilities.
https://tgstat.ru/en/channel/@AnonymousSudan/396
“Anonymous Sudan has been officially recognized as a member of Killnet’s group of hacktivists targeting western countries opposing Russia due to their shared objectives regarding Sweden,” noted SOC Radar.
“However, there are suspicions that Anonymous Sudan may be a Russian government operation.”
