Darknet Parliament

Threat Actor Profile Updated 3 months ago

Download STIX

Preview STIX

Darknet Parliament is a threat actor collective formed by pro-Russian hacktivist groups Killnet, Anonymous Sudan, and the resurged REvil. This alliance was publicly announced on June 16th, as seen in a post on the Killnet Telegram channel. The formation of Darknet Parliament appears to be a response to the SWIFT international banking system's decision to cut off Russian banks following its illegal invasion of Ukraine. Their stated objective is to execute "massive" cyber attacks on Western financial systems, specifically targeting European and US banks, the US Federal Reserve System, and particularly aiming to paralyze the Society for Worldwide Interbank Financial Telecommunication (SWIFT). A successful Distributed Denial of Service (DDoS) attack on SWIFT could have global ramifications given its pivotal role in conducting worldwide financial transactions. There are speculations that Anonymous Sudan may have ties to Russia, reinforced by their recent announcement about forming the Darknet Parliament with other pro-Russian groups. These connections became more apparent when Anonymous Sudan declared its collaboration with KillNet and REvil to form the Darknet Parliament and orchestrate cyber attacks on European and U.S. financial institutions. It's worth noting that while there is potential for significant disruption, cybersecurity researchers have not observed any novel DDoS attacks or disruptions targeting their customers, despite mitigating approximately 10,000 Darknet Parliament actions on websites protected by Cloudflare. The activities of Darknet Parliament represent an escalation in cyber threats, with a focus on disrupting financial systems. The group's intention to launch a DDoS attack on SWIFT underscores this shift towards more ambitious targets. Moreover, Cloudflare's Q2 2023 report indicates a concerning trend, with attacks exceeding 3 hours having increased by 103% quarter-on-quarter. As such, the emergence of the Darknet Parliament underlines the need for robust cybersecurity measures within the financial sector and beyond, particularly in light of the evolving threat landscape.

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description
Anonymous Sudan	1	Anonymous Sudan, a threat actor group known for its malicious cyber activities, has recently been the subject of increased attention in the cybersecurity industry. This entity, which could consist of a single individual, a private company, or part of a government organization, is responsible for exe

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Sudan

Ddos

Cyberscoop

Ransomware

Cloudflare

Outlook

Associated Malware

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
REvil	Unspecified	1	REvil is a notorious form of malware, specifically ransomware, that infiltrates systems to disrupt operations and steal data. The ransomware operates on a Ransomware as a Service (RaaS) model, which gained traction in 2020. In this model, REvil, like other first-stage malware such as Dridex and Goot

Associated Threat Actors

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
KillNet	Unspecified	1	Killnet is a pro-Russian threat actor group that has been linked to a series of disruptive cyberattacks, particularly targeting governments and organizations that have expressed support for Ukraine. The group's activities gained prominence after Russia was banned from the 2022 FIFA World Cup due to
Anonymoussudan	Unspecified	1	Anonymoussudan, a threat actor or malicious entity, has been identified as part of a recent wave of cyberattacks targeting Australian university websites. Partnering with the pro-Russian hacker group Killnet, these entities launched HTTP DDoS attacks in late March 2023, as observed by cybersecurity

Associated Vulnerabilities

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
No associations to display

Source Document References

Information about the Darknet Parliament Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source	CreatedAt	Title
CERT-EU	8 months ago	How DDoS attacks are taking down even the largest tech companies
CERT-EU	a year ago	Newly Sophisticated DDoS Attacks Surged in Q223
CERT-EU	a year ago	Microsoft confirms June Outlook and OneDrive outages were caused by DDoS attacks \| Engadget
CERT-EU	a year ago	An ‘Alarming Escalation’ of Sophistication in DDoS Attacks, Cloudflare Says
CERT-EU	a year ago	Threat Actors Claim International Finance Corporation (IFC) Attack
CERT-EU	a year ago	Microsoft Blames Massive DDoS Attack for Azure, Outlook, and OneDrive Disruptions
CERT-EU	a year ago	Cloudflare reports 'alarming surge' in DDoS sophistication, escalation in recent months