BlackMeta, also known as SN_BlackMeta, emerged in November 2023 and has since claimed responsibility for numerous attacks on organizations in Israel, the United Arab Emirates, and the United States. Motivated primarily by a pro-Palestinian ideology, this threat actor displays an anti-Western stance and is suspected of having ties with Russia, as evidenced by its usage of Arabic, English, and Russian in posts. BlackMeta appears to be a rebranding of Anonymous Sudan, a group that gained notoriety last year for attacking targets alongside the loosely affiliated pro-Russian Killnet group. A comparison of attack frequency over the past eighteen months shows a decline in activity from Anonymous Sudan concurrent with an increase from BlackMeta.
Recently, BlackMeta announced plans to target a financial institution via Telegram, leading up to a significant Distributed Denial of Service (DDoS) operation. The group's modus operandi resembles that of Anonymous Sudan, which previously promoted its InfraShutdown DDoS attack service during assaults, encouraging other potential attackers to enlist. This method suggests that the group profits from its "hacktivism". According to cybersecurity firm Radware, if there's any connection between BlackMeta and Anonymous Sudan, it's highly probable that the premium InfraShutdown service was behind the 100-hour attack campaign that generated 14.7 million requests per second.
The recent attack campaign lasted six days, during which the targeted customer faced an average of 4.5 million requests 70% of the time. Differentiating between legitimate and malicious requests proved challenging, with 1.5 billion legitimate requests reaching the website over six days compared to 1.25 trillion malicious requests. Radware advises that rate-limiting bandwidth is not an effective solution for sustained application-layer attacks, as seen in the case of BlackMeta's extensive operation.
Description last updated: 2024-08-14T09:15:38.034Z