Blackmeta

BlackMeta, also known as SN_BlackMeta, emerged as a significant threat actor in November 2023. This group is primarily motivated by a pro-Palestinian ideology and an anti-Western stance, with suspected links to Russia. BlackMeta has claimed responsibility for multiple attacks on organizations in Israel, the United Arab Emirates (UAE), and the United States. The group predominantly communicates in Arabic, English, and Russian and has been particularly active on social media platforms, where it announces its targets and claims successful attacks. Notably, BlackMeta has targeted companies associated with the US or those perceived as supporting Israel. The group's tactics include launching Distributed Denial of Service (DDoS) attacks, which have been notably severe. In one instance, they targeted a financial institution, pre-announcing their intentions on Telegram. This attack lasted over six days, during which time the target was bombarded with an average of 4.5 million requests 70% of the time. This volume of malicious traffic makes it challenging for targets to differentiate between legitimate and malicious requests. BlackMeta has also offered its InfraShutdown DDoS attack service to other would-be attackers, suggesting a profit motive alongside their ideological motivations. It appears that BlackMeta may be a rebranding of Anonymous Sudan, a group known for similar attacks and affiliations. There has been a noticeable shift in activity levels, with Anonymous Sudan's activity dwindling as BlackMeta's increases. Both groups have connections with the pro-Russian Killnet group. Given these factors, it is crucial for organizations, especially those in the targeted regions or industries, to take appropriate cybersecurity measures against potential attacks from this threat actor.