Blackmeta

Threat Actor updated a month ago (2024-11-29T13:50:22.377Z)
Download STIX
Preview STIX
BlackMeta, also known as SN_BlackMeta or DarkMeta, is a threat actor group that emerged in November 2023. The group has a history of claiming responsibility for attacks against organizations in Israel, the United Arab Emirates (UAE), and the United States. BlackMeta publicly announced its intent to attack a financial institution via Telegram prior to the operation. The group's modus operandi includes Distributed Denial of Service (DDoS) attacks, with one notable campaign lasting six days and averaging 4.5 million requests 70% of the time. The group has been linked to pro-Palestinian hacktivist activities, often targeting entities they perceive as supporting Israel. In October, BlackMeta claimed responsibility for a DDoS attack on a financial institution's site, which lasted six days and included multiple waves of web requests lasting anywhere from four to 20 hours. This attack was part of a larger campaign that saw 1.25 trillion malicious requests targeting the site over a six-day period, making it challenging for the victim to differentiate between legitimate and malicious traffic. In July, BlackMeta targeted a bank in the UAE with a DoS campaign that lasted more than 100 hours over six days. These attacks are typically preceded by public announcements on social media platforms. There is speculation that BlackMeta may be a rebranding of Anonymous Sudan, another threat actor group. This hypothesis is based on the observation that the activity of Anonymous Sudan dwindled at the same time BlackMeta's activity increased. Both groups have been associated with pro-Palestinian hacktivist activities and have targeted similar geographic regions and sectors. Furthermore, BlackMeta appears to financially benefit from its "hacktivism" by offering an InfraShutdown DDoS attack service to other would-be attackers.
Description last updated: 2024-10-22T17:44:06.450Z
What's your take? (Question 1 of 2)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Anonymous Sudan is a possible alias for Blackmeta. Anonymous Sudan is a threat actor that has been involved in executing numerous Distributed Denial of Service (DDoS) attacks against various entities worldwide between January 2023 and March 2024. The group consistently used social media platforms, notably Telegram, to claim responsibility for their
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Hacktivist
Ddos
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Blackmeta Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more