It is on Telegram that the group publishes its messages.
The profile picture is a hooded masked person in the desert.
On February 3 last week, the threat was published: “We declare cyber war against Sweden after the Koran burning”.
Later they warned of attacks against websites belonging to Swedish airports, hospitals, media houses and universities.
Several attacks appear to have been successful.
On Tuesday, among other things, the SAS website was down. SVT, Skellefteå Airport and several hospitals have been affected, and on Thursday the websites of some smaller train companies crashed after threats of new attacks.
The group writes on Telegram that they will continue until an official apology after the Koran burning comes.
Photo: Telegram
The expert: We have to be much better
Anne-Marie Eklund Löwinder, one of Sweden’s foremost experts on IT security, states that you can never know what the group’s real intention is, even if they claim it is about the burning of the Koran.
Hacker attacks have become part of the new era’s threat to society, she states.
Companies and authorities must be prepared for the coming of more and more sophisticated attacks, including with surveillance and better monitoring of the environment, says Anne-Marie Eklund Löwinder.
– Especially if you have some critical function that you want to be up and running. We need to be much better prepared for this type of event to happen, and take the measures that can be taken. And if you don’t have that competence yourself, you have to acquire it from others.
The SAS website was down this week. They are a big company. Is it difficult to protect against such attacks?
– There must also have been some type of data breach that took place, and information that was leaked. You don’t have to be exposed to that, I think. You should be able to do better there. But overload attacks can be difficult to avoid completely, that it is down for a while.
May become even more common
“Anonymous Sudan” is part of the larger “Anonymous network”, which is a loosely-knit network of hackers and cyber activists known for, among other things, denial-of-service (DDOS) attacks to draw attention to various issues, according to The Cyber Express.
In the case of Sweden, “Anonymous Sudan” states that the attacks will continue daily until Sweden officially apologizes for the Koran burning: “If it is freedom of speech, our attacks are also freedom of speech”.
Several of their posts on Telegram refer to the well-known Russian hacker network “Killnet”. And when “Anonymous Sudan” attacked SAS, pro-Russian hackers from the group UserSec claim to have helped.
After experts said Russia could be involved in the attacks, the group said they are “idiots” – and that they will become even more aggressive against Sweden before an apology for the Koran burning is delivered.
Anne-Marie Eklund Löwinder believes that hacker attacks may become more common in the future, also because it is a way to get attention.
But she does not want to draw any conclusions about what interests may lie behind the recent hacker attacks against Sweden.
– You should never point a finger there until you are properly on your feet.
That Russia would be involved, what do you think about that?
– It is as possible as anything else.
This is how an attack takes place – step by step
1. A cyber operation has a purpose to be achieved.
2. To understand how the objective can be achieved, the threat actor maps the targets to be exposed to cyber attacks. It can be about understanding which people or which technical environment is to be attacked.
3. When the threat actor knows how the objective can be achieved, the threat actor searches for vulnerabilities to exploit.
4. Vulnerabilities found are exploited by the threat actor.
5. After a successful cyber attack has been carried out, the threat actor may have more or less control over the target’s IT environment.
6. When the threat actor has the opportunity to act inside the IT environment, various activities can be carried out to achieve the purpose of the operation.
Source: Cyber security in Sweden 2021
Show more
The most common cyber attacks
1. Denial of Service attacks (DDoS)
This type of cyber attack overloads the system’s resources so that it cannot respond to service requests.
2. Password attacks
Cybercriminals can gain access to passwords by looking through someone’s desktop, through social manipulation, by breaking into databases, or by eavesdropping on connections to intercept unencrypted passwords.
3. SQL injection
The Structured Query Language programming language communicates with databases. A successful SQL injection attack can read and modify sensitive data.
Source: Microsoft
Show more
“Hacked stuff they hacked all over the world”
READ MORE: Hackers’ new threat: Targeting train companies
READ MORE: SAS exposed to cyber attack
READ MORE: “Russian group under false flag” behind IT attacks
