SAS airline was hacked again

Scandinavian Airlines has reportedly been breached for the second time this year by the pro-Russian hacker group Anonymous Sudan, bringing down the SAS website and its airline application for several hours.

On May 24, 2023, at around 6:30 a.m. EDT, SAS customers began complaining on Twitter about not being able to access the airline's website. Around the same time, the Anonymous Sudan hacking group topped this message on their encrypted Telegram channel.

The group then offered a ransom of $3,500 to stop the attack. The group told SAS that they had one hour to negotiate with their Anonymous Sudan bot on Telegram or they could be subjected to a full day of serial attacks, as well as leaking some user information, among other things.

During the attack, SAS tweeted to its customers that the official Danish version of the airline's website was still up and running and that users could log in and use it.

Tellingly, the Anonymous Sudan group then posted, "Ironically, thank you for giving us your other site for us to f@#$ also, keep going."

According to SAS's website, the flagship airlines of Denmark, Norway and Sweden typically have more than 800 scheduled daily flights to more than 130 destinations around the world. In February, the Anonymous Sudan hacking group claimed the attack on the airline was part of a Valentine's Day attack against Sweden that brought down the SAS website for several hours and compromised sensitive passenger data. The Valentine's Day attack also included several Swedish media outlets.

The group claimed that the attack on Swedish companies was in retaliation for the burning of a Quran by a prominent Swedish/Danish politician during a protest in Stockholm in January in support of Sweden's membership in NATO.

Finally, it can be confirmed that the SAS website and application were offline at various times throughout Wednesday and remained offline until late afternoon.

Anonymous Sudan group is here to stay

The Sudan-based hacker group, which first appeared in January of this year, seems to target mainly religious reasons, in addition to some ethnic activities.

The Anonymous Sudan group is known to work closely with other Russian-linked groups, such as KillNet and an emerging hacking group known as UserSec.

The three groups typically attack their victims using distributed denial-of-service (DDoS) attacks, which typically flood a website's servers with traffic requests, causing the network to overload and shut down. In addition to the attacks in Sweden, the group has recently joined the KillNet campaign against NATO and EU member states.

Last month, the Anonymous Sudan group launched a sustained attack on Israel's critical infrastructure. In just one day, more than forty organizations in Israel were subjected to cyber attacks, including the personal website of Israeli Prime Minister Benjamin Netanyahu and Israel's secret spy agency, Mossad.