Today the United States Department of Justice, in conjunction with industry partners Akamai SIRT, Amazon Web Services, Cloudflare, Crowdstrike, DigitalOcean, Flashpoint, Google, Microsoft, PayPal, and SpyCloud β announced the indictment of 2 brothers believed to be behind Anonymous Sudan via Operation PowerOFF.
Anonymous Sudan is allegedly operated by Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27. Both individuals resided in Sudan, as their group name states.
Previously, some Cyber Threat Intelligence researchers speculated Anonymous Sudan to be state-sponsored by the Russian Federation due to the frequent regurgitation of Russian propaganda. Interesting, they are NOT state sponsored β the information they disclosed regarding themselves was indeed true. They were indeed from Sudan and were not affiliated with any government entity.
The United States Department of Justice has seized and taken down infrastructure of Anonymous Sudan which includes their tooling ("Godzilla", "Skynet", and "InfraShutdown"). They believe Anonymous Sudan to has caused approx. $10,000,000 in damage.
Throughout their brief tenure 2023 and 2024, they are believed to have launched over 35,000 DDoS attacks and targeted nearly 70 companies.
The United States Department of Justice has confirmed the individuals behind Anonymous Sudan are in custody and are being questioned by the United States Federal Bureau of Investigation.
If convicted Ahmed Salah Yousif Omer, 22, is facing life in prison. His brother, Alaa Salah Yusuuf Omer, 27, is facing 5 years in prison.
https://www.justice.gov/usao-cdca/pr/two-sudanese-nationals-indicted-alleged-role-anonymous-sudan-cyberattacks-hospitals
Anonymous Sudan is allegedly operated by Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27. Both individuals resided in Sudan, as their group name states.
Previously, some Cyber Threat Intelligence researchers speculated Anonymous Sudan to be state-sponsored by the Russian Federation due to the frequent regurgitation of Russian propaganda. Interesting, they are NOT state sponsored β the information they disclosed regarding themselves was indeed true. They were indeed from Sudan and were not affiliated with any government entity.
The United States Department of Justice has seized and taken down infrastructure of Anonymous Sudan which includes their tooling ("Godzilla", "Skynet", and "InfraShutdown"). They believe Anonymous Sudan to has caused approx. $10,000,000 in damage.
Throughout their brief tenure 2023 and 2024, they are believed to have launched over 35,000 DDoS attacks and targeted nearly 70 companies.
The United States Department of Justice has confirmed the individuals behind Anonymous Sudan are in custody and are being questioned by the United States Federal Bureau of Investigation.
If convicted Ahmed Salah Yousif Omer, 22, is facing life in prison. His brother, Alaa Salah Yusuuf Omer, 27, is facing 5 years in prison.
https://www.justice.gov/usao-cdca/pr/two-sudanese-nationals-indicted-alleged-role-anonymous-sudan-cyberattacks-hospitals
www.justice.gov
Two Sudanese Nationals Indicted for Alleged Role in Anonymous Sudan
A federal grand jury indictment unsealed today charges two Sudanese nationals with operating and controlling Anonymous Sudan, an online cybercriminal group responsible for tens of thousands of Distributed Denial of Service (DDoS) attacks against criticalβ¦
π30π€―12π₯°7π€£6β€5π’3π2π€2
Remember that video game 0day we mentioned? The rumors were true.
Read the post for more details. The tl;dr is an exploit can trigger Call of Duty anticheat and get innocent people banned.
It appears the individuals using the exploit have framed popular video game streamers.
Read the post for more details. The tl;dr is an exploit can trigger Call of Duty anticheat and get innocent people banned.
It appears the individuals using the exploit have framed popular video game streamers.
π€£72π±31π7π₯7π4π€4π’3β€2
Regarding our previous discussions on the Call of Duty exploit: we have decided to translate the post into verbage we believe Call of Duty players may comprehend better.
Translation:
tbh p much like, a long ass time ago we heard mfers found a way to put known garbage ass cheats into mfers pcs. the cod anticheat ricochet thing was hella janky and somehow some dorky ass losers could sneak shit into ppls shit. they was using that shit to ban streamers they didnt like LMAO then like, when they were dying watching mfers accuse this innocent ppl of cheating. its wild as hell tbh. but like, now some mfers wanna expose that shit publicly because, idk, ig they wanna shame call of duty and get clout and redeem some ppl because some mfers feel bad innocent cuz innocent ppl got cooked. its prolly legit bcuz we know some of these ppl and theyre p cool and legit, idk tho id bet its like, 95% real.
Translation:
tbh p much like, a long ass time ago we heard mfers found a way to put known garbage ass cheats into mfers pcs. the cod anticheat ricochet thing was hella janky and somehow some dorky ass losers could sneak shit into ppls shit. they was using that shit to ban streamers they didnt like LMAO then like, when they were dying watching mfers accuse this innocent ppl of cheating. its wild as hell tbh. but like, now some mfers wanna expose that shit publicly because, idk, ig they wanna shame call of duty and get clout and redeem some ppl because some mfers feel bad innocent cuz innocent ppl got cooked. its prolly legit bcuz we know some of these ppl and theyre p cool and legit, idk tho id bet its like, 95% real.
π€£142π€27π7β€6π4π€―3π’3π―2π₯1π€1
Happy to announce we now have 31,335,000 unique malwares.
We're slowly creeping our way up to the big 40,000,000. When we hit 40,000,000 malwares we're going to throw a pizza party, but limit 0.00012 slices per person and the only drinks available is tap water.
We're slowly creeping our way up to the big 40,000,000. When we hit 40,000,000 malwares we're going to throw a pizza party, but limit 0.00012 slices per person and the only drinks available is tap water.
π136π€£43π₯16π€8β€7π5π₯°4π’3β€βπ₯1
Call of Duty exploit dropped.
tl;dr using the string "Trigger Bot" in Call of Duty gets someone banned. Attached image shows getting someone banned. File attached gives a little more detail.
tl;dr using the string "Trigger Bot" in Call of Duty gets someone banned. Attached image shows getting someone banned. File attached gives a little more detail.
π₯39π€£17π’2π€2π1
π«‘37π€£24π4π€4π’2π€―1π―1
vx-underground
Call of Duty exploit dropped. tl;dr using the string "Trigger Bot" in Call of Duty gets someone banned. Attached image shows getting someone banned. File attached gives a little more detail.
We were under the impression, based on scarce details we received, this was a remote-code-execution 1337 exploit. This is not a super 1337 bug. This is... probably one of the silliest things we've seen in awhile...
π€£104π9π€5π4π«‘2π’1
vx-underground
Cod Exploit.pdf
Translation:
lmfao if u make an accnt or something named like, "420 Trigger Bot 420" n send ur ops a friend request the anticheat thinks they got a cheat loaded cuz of the "Trigger Bot" word. LMFAO πππ.theyll get banned n then u just tell everyone theyre cheaters. ez W
lmfao if u make an accnt or something named like, "420 Trigger Bot 420" n send ur ops a friend request the anticheat thinks they got a cheat loaded cuz of the "Trigger Bot" word. LMFAO πππ.theyll get banned n then u just tell everyone theyre cheaters. ez W
π€£95π16π―9π±7π’4π€4π3β€2π€1
Today following the disclosure of a Call of Duty Ricochet vulnerability which allows the arbitrary banning of users, another researcher operating under the moniker "Timoxa5651" disclosed a method to arbitrarily banning users under the BattleEye anticheat
https://www.unknowncheats.me/forum/anti-cheat-bypass/667333-bannleeye-banning-arbitrary-players-using.html#post4228108
https://www.unknowncheats.me/forum/anti-cheat-bypass/667333-bannleeye-banning-arbitrary-players-using.html#post4228108
UnKnoWnCheaTs
BannleEye - Banning arbitrary players using BE
Epic tutorial on how to permanently ban any player on (mostly) any game that uses The Golden Standard - BattleEye. Shortly an explanation how BEClient
π69π€£16β€6π4π₯3π€―2π’1π―1
Threat Actors: our malware is FUD, completely evasive, and is cutting edge.
Also Threat Actors: Hardcoded string letting analysts know how they feel about the new Google Chrome updates, also inadvertently making it easier to identify them.
Image via RussianPanda9xx
Also Threat Actors: Hardcoded string letting analysts know how they feel about the new Google Chrome updates, also inadvertently making it easier to identify them.
Image via RussianPanda9xx
π€£123π11β€6π«‘4π€©2π1π€1
vx-underground
Photo
Stole the format from this cat meme.
π₯°126π€£30β€13π€5π€―4π’2π«‘2β€βπ₯1
vx-underground
> go to doctors office > nurse comes in > logs into room PC > talks > leaves room > doesn't lock PC
fighting intrusive thoughts π
π144π41π―10β€βπ₯4β€2π’1
Yesterday it was reported via TechCrunch and GossiTheDog that Microsoft has made, as what we describe, an oopsie doopsie.
Microsoft lost customer security logs for their cloud product from September 2nd - September 19th.
Β―\_(γ)_/Β―
More information: https://techcrunch.com/2024/10/17/microsoft-said-it-lost-weeks-of-security-logs-for-its-customers-cloud-products/
Microsoft lost customer security logs for their cloud product from September 2nd - September 19th.
Β―\_(γ)_/Β―
More information: https://techcrunch.com/2024/10/17/microsoft-said-it-lost-weeks-of-security-logs-for-its-customers-cloud-products/
TechCrunch
Microsoft said it lost weeks of security logs for its customers' cloud products | TechCrunch
Missing logs could make it more difficult to identify unauthorized access to the customers' networks during that two-week window.
π€£90π€14β€3π€3π2π’2π2π1
Hello,
We were unaware the cute wizard cat image we used was associated with a cryptocurrency. We are not shilling cryptocurrencies, we just think it's a cute kitty cat. In other news, thanks to this discovery, we have found more cute wizard kitty cats.
We were unaware the cute wizard cat image we used was associated with a cryptocurrency. We are not shilling cryptocurrencies, we just think it's a cute kitty cat. In other news, thanks to this discovery, we have found more cute wizard kitty cats.
β€βπ₯103π€16π«‘12π7β€4π4π€£3π€2π’2π1
Let's discuss university degrees and whether or not they're required for cybersecurity.
This may come as a shocker to some people, but universities are higher education institutions. Universities are not job fairs. If you attend a university your primary objective is to get an education and hope that this can directly transform into getting a career where you can apply this knowledge. A university does not necessarily mean you're being taught cutting edge material and it does not guarantee a job anywhere.
An education is not the same as on the job experience and it does not directly correlate to what is (or is not) trending in the market place. Some employers discriminate against people who do not hold a degree because they believe the person may lack sufficient educational requirements for the position, but fail to realize on the job experience may be superior to a traditional higher education route.
If you've got a degree, that is very cool. Congratulations.
If you do not have a degree, that is very cool. Congratulations.
Cybersecurity is a unique career field in that there is no traditional career path to reach the 'end goal'. It is a flexible career field and can accommodate essentially anyone regardless of how they tailored their skills.
Having a degree does not make you a superior person. Not having a degree does not make you a superior person. We are all colleagues. Be nice to each other.
Enjoy your weekend.
This may come as a shocker to some people, but universities are higher education institutions. Universities are not job fairs. If you attend a university your primary objective is to get an education and hope that this can directly transform into getting a career where you can apply this knowledge. A university does not necessarily mean you're being taught cutting edge material and it does not guarantee a job anywhere.
An education is not the same as on the job experience and it does not directly correlate to what is (or is not) trending in the market place. Some employers discriminate against people who do not hold a degree because they believe the person may lack sufficient educational requirements for the position, but fail to realize on the job experience may be superior to a traditional higher education route.
If you've got a degree, that is very cool. Congratulations.
If you do not have a degree, that is very cool. Congratulations.
Cybersecurity is a unique career field in that there is no traditional career path to reach the 'end goal'. It is a flexible career field and can accommodate essentially anyone regardless of how they tailored their skills.
Having a degree does not make you a superior person. Not having a degree does not make you a superior person. We are all colleagues. Be nice to each other.
Enjoy your weekend.
π165β€70π€30π―21π6π«‘5π€£3π€2π’2π2π1