Blackmeta

Threat Actor updated a month ago (2024-08-14T10:00:05.173Z)
BlackMeta, also known as SN_BlackMeta, emerged in November 2023 and has since claimed responsibility for numerous attacks on organizations in Israel, the United Arab Emirates, and the United States. Motivated primarily by a pro-Palestinian ideology, this threat actor displays an anti-Western stance and is suspected of having ties with Russia, as evidenced by its usage of Arabic, English, and Russian in posts.

BlackMeta appears to be a rebranding of Anonymous Sudan, a group that gained notoriety last year for attacking targets alongside the loosely affiliated pro-Russian Killnet group. A comparison of attack frequency over the past eighteen months shows a decline in activity from Anonymous Sudan concurrent with an increase from BlackMeta. The group's modus operandi also resembles that of Anonymous Sudan, which previously promoted its InfraShutdown DDoS attack service during assaults, encouraging other potential attackers to enlist. This method suggests that the group profits from its "hacktivism".

Recently, BlackMeta announced on Telegram its plans to target a financial institution, leading up to a significant Distributed Denial of Service (DDoS) operation. According to cybersecurity firm Radware, if there's any connection between BlackMeta and Anonymous Sudan, it's highly probable that the premium InfraShutdown service was behind the 100-hour attack campaign that generated 14.7 million requests per second. The recent attack campaign lasted six days, during which the targeted customer faced an average of 4.5 million requests 70% of the time. Differentiating between legitimate and malicious requests proved challenging, with 1.5 billion legitimate requests reaching the website over six days compared to 1.25 trillion malicious requests. Radware advises that rate-limiting bandwidth is not an effective solution for sustained application-layer attacks, as seen in the case of BlackMeta's extensive operation.
Description last updated: 2024-08-14T09:15:38.034Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID: Anonymous Sudan
Votes: 2
Profile Description: Anonymous Sudan, a threat actor group known for its malicious activities, has been actively involved in promoting a new Distributed Denial of Service (DDoS) botnet service named “Skynet-GodzillaBotnet” as of February 26, 2024. The group is recognized for its previous DDoS attacks on the encrypted me
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Source Document References
Information about the Blackmeta Threat Actor was read from the documents corpus below.
Source Link: DARKReading
CreatedAt: a month ago
Title: Pro-Palestinian Actor Levels 6-Day DDoS Attack on UAE Bank