Anonymous Sudan, a religion-based hacker group alleged to be part of a Russian hacker group, started its attacks on Indian cyberspace from 08 April 2023. A part of the presentation made to the authorities is shared here.
ThreatMon has released IOCs and IP addresses of the attacks by Anonymous Sudan. Please update your firewall to block them, if not relevant.
ThreatMon-Reports-IOC/IOC.txt at main · ThreatMon/ThreatMon-Reports-IOC · GitHub
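One way to vet a downloaded IP indicator list before loading it into a firewall, as an added example that is not part of the original post or of ThreatMon's tooling. It assumes a plain-text feed with one address or CIDR per line; the sample feed, the never-block list and the prefix limits are constructed placeholders.

```python
import ipaddress
# Constructed sample feed (documentation ranges only, not real indicators).
# Assumed format: one IP address or CIDR per line, '#' starts a comment.
SAMPLE_FEED = """\
203.0.113.10
203.0.113.11
203.0.113.10
198.51.100.0/25
198.51.100.128/25
10.0.0.5
192.0.2.77
not-an-ip.example
0.0.0.0/0
"""
# Hypothetical allowlist: your own ranges, upstreams, CDN/WAF egress, partners.
NEVER_BLOCK = [ipaddress.ip_network("192.0.2.0/24")]
# Ranges that should never appear in a blocklist for external traffic.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "::1/128", "fe80::/10")]
# Assumed policy: refuse feed entries broader than these prefix lengths.
MIN_PREFIX = {4: 16, 6: 32}

def overlaps_any(net, ranges):
    return any(net.version == r.version and net.overlaps(r) for r in ranges)

def build_blocklist(feed_text, never_block=NEVER_BLOCK):
    """Return (collapsed networks to block, [(entry, reason)] rejected)."""
    keep, rejected = [], []
    for raw in feed_text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((entry, "not an IP address or CIDR"))
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            rejected.append((entry, "range too broad"))
        elif overlaps_any(net, NON_ROUTABLE):
            rejected.append((entry, "non-routable/internal"))
        elif overlaps_any(net, never_block):
            rejected.append((entry, "overlaps never-block list"))
        else:
            keep.append(net)
    blocked = []
    for v in (4, 6):  # collapse_addresses cannot mix IP versions
        blocked += ipaddress.collapse_addresses(n for n in keep if n.version == v)
    return blocked, rejected
```

Review the rejected entries by hand before discarding them; a feed line that overlaps your own or a partner's range is worth reporting back to the feed maintainer.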
In the ongoing cyber tit-for-tat started by #AnonymousSudan, the #AnonymousIndia hacker group has counter-attacked and claims to have targeted the portals of the #Malaysian government.
Earlier in the day, a new Indonesian group, #VulzSec, in support of Hacktivist of Garuda, created a #Telegram channel and issued the following statement. The group claims that it will publish INDIA RAIL DATA in 24 hours. No data has yet been published (as of 1845 hrs IST on 21 April 2023).
In the continuing battle that has broken out between hackers of India and Indonesia, the established hacker group Hacktivist of Garuda has threatened to join the battle.
In a continued attack on Indian cyberspace, Indonesian Hacktivist claimed to have released an 8 million e-commerce database from India. The authenticity of the claim remains unverified.
The story is still unraveling here. The Anonymous India hacker group claimed to have breached and collected data of 1 million citizens of Indonesia. Indonesia has also stepped up its activities by attempting to breach Indian mobile phones by making WhatsApp calls to steal data. This vulnerability was patched by WhatsApp long ago, but there is something cooking in these calls from Indonesia. NEED TO STAY ALERT, BLOCK and REPORT unexpected WhatsApp calls.
The impact of Indonesian hackers has been minimal. In case you are not aware, such attacks on India are far fewer than on European countries and Israel. But there has been a spike in religion-based hackers attacking India. The lesson is that we need to practise cyber hygiene the same way we brush and bathe every day, and wash our hands the moment they are likely to have come in contact with viruses. Follow best practices. If required, please seek help and guidance.
A new hacker group, claiming to be from Nepal, has formed and attacked Pakistani sites. Most Pakistani websites stayed unavailable for hours.
DSCI has also published a threat advisory on the cyber-attacks by Anonymous Sudan.
On 11th April, Team Herox joined Anonymous Sudan to attack India for religious reasons. It is presently not clear whether the action of Team Herox is in coordination with Anonymous Sudan or independent of it. Today, at the start of the day (00:20 AM), Team Herox claimed to attack the UNI News website. At present the website is working fine. Another important issue, independent of the DDoS attack on UNI, is that the UNI site is by default NOT secure. Hence penetration is possible due to poor cyber security practices followed by UNI. They need to do a thorough check of their websites as well as any connected databases and networks.
One thing is very clear from the attacks by Anonymous Sudan as well as Team Herox: these attacks were mild in nature. This means that they probably have an alternate objective, which could be:
A. These attacks are diversionary tactics; the actual attack is happening somewhere else in another form while defending teams are focussed on the DDoS format.
B. These attacks are used for fund raising by these hacker groups, which are looking for funding support from religious bigot institutions and nation states.
Therefore, advice is:
1. Please strengthen your WAF and keep an eye on its logs.
2. Stay in touch with your ISPs to try blocking attacks at their level; if possible, CERT-In should coordinate.
3. If you are using WAF as a service, such as Cloudflare, then please review your contract to implement your SLAs.
In the meantime, an India arm emerged as Hamza Herox.
On 12th April 2023, Hacktivist Indonesia, a religious hacktivist group, is claiming to target 12000 websites of India. The list released by the team includes both local and central government websites and private organisations. More details are being gathered.