Anonymous Sudan Claims Successful Takedown of First Abu Dhabi Bank Website & Application Via DDoS Attacks

CloudSEK’s contextual AI digital risk platform XVigil discovered the threat actor group Anonymous Sudan claiming responsibility for disrupting the services of the First Abu Dhabi Bank website and application.
Updated on
May 29, 2023
Published on
May 29, 2023
Subscribe to the latest industry news, threats and resources.

Category:  Adversary Intelligence

Industry:  Banking & Finance

Motivation: Hacktivism

Region:  Middle East


B - Usually reliable
2 - Probably true

Executive Summary

On 21 May 2023, CloudSEK’s contextual AI digital risk platform XVigil  discovered the threat actor group Anonymous Sudan claiming responsibility for disrupting the services of the First Abu Dhabi Bank website and application. The Attack was conducted under the context of the UAE’s Geopolitical Stance and its support for the Rapid Support forces. Additionally, the discussions in the group suggest that such DDoS attacks would continue and escalate in the UAE. 

Snapshot from the Groups Telegram Channel

Affected Entities

The threat actor group, Anonymous Sudan, shared a screenshot of the First Abu Dhabi Bank (FAB) application under system maintenance, claiming responsibility for taking down both the FAB website and application.

FAB Website targeted with DDoS

First Abu Dhabi Bank :

FAB Mobile Banking : Google Play Store URL

TTP (Tactics, Techniques, and Procedures)

The group has three main attack vectors as observed until now, out of the three, DDoS attacks are the predominant ones in comparison to the other two. The attack vectors are: 

1. Defacement Attacks: Defacement (T1491.001: internal defacement, T1491.002: external defacement ) 

  • The Hacktivist group modifies websites and adds images & Videos of their cause with Names and Account IDs which violates the integrity of the webpage and the domain. 

2. DDoS Attacks (Network Denial of Service(T1498.001: Direct Network Flood, T1498.002: Reflection Amplification)): 

  • The Hacktivist group conducts DDoS attacks on organizations to disrupt or shut down the online operations of the targeted organizations, causing inconvenience or damage to their operations. 
  • The DDoS Attack method has been the most employed attack vector for the group. 
  • IOCs for the DDoS attacks have been attached in the below IOC Section

3. Compromise Accounts ( T1586.002: Email Accounts)

  • In some observed instances, the group has been found to compromise the accounts of users of the targeted entities. This is likely accomplished through a method known as credential stuffing, which involves using compromised data that is openly available from various sources on Dark web forums & Telegram Channels. 
  • This technique involves the automated injection of previously breached username and password combinations into login pages, in order to gain unauthorized access to the targeted accounts of users of the organization.

Information on the Group

  • The group “Anonymous Sudan” has been observed to conduct DDoS attacks and breach multiple public and government organizations since January 2023.
  • They identify themselves as Sudanese hacktivists with political motivations.
  • The group has been seen actively participating in attacks initiated by Killnet as it claims to be a part of Killnet.
  • Multiple large and famous Russian hacktivists were observed promoting Anonymous Sudan in their private and public telegram channel.
  • A representative from Anonymous that Anonymous Sudan is not Anonymous and that there is no connection between them.

It was mentioned by a source that Anonymous Sudan uses a cluster of 61 paid servers hosted in Germany to generate the traffic volume required for a DDoS attack.

Threat Actor Activity and Rating

Threat Actor Profiling

Active since

January 18, 2023


#AnonymousSudan #Infinity Hackers Group #KILLNET #ANONYMOUS RUSSIA #FuckNato #OpSweden #OpSudan


Claimed to be from Sudan but Telegram registration denotes Russia.

Past Victims

Multiple public organizations in:

  • Sweden

  • India

  • Israel

  • United States of America

  • Denmark


Hacktivist Association

Infinity Hackers Group, Killnet, Anonymous Russia, MistNet, UserSec

IOCs (Indicators of Compromise)

IP Address

Impact & Mitigation


  • DDoS can leave websites more vulnerable as some security features may be offline due to the attack.
  • Damaged infrastructure can cause the collapse of services provided by the website.
  • Websites become vulnerable to further attacks.
  • Discrepancies for users accessing affected websites and resources


  • Deploy load balancers to distribute traffic.
  • Enable rate-limiting mechanisms.
  • Configure firewalls and routers to filter and block traffic.
  • Utilize content delivery networks (CDNs) to distribute traffic.
  • Implement bot-detection technologies and algorithms -to identify large-scale web requests from botnets employed by actors to conduct DDOS Attacks


Get Global Threat Intelligence on Real Time

Protect your business from cyber threats with real-time global threat intelligence data.. 30-day free and No Commitment Trial.
Schedule a Demo
Real time Threat Intelligence Data
More information and context about Underground Chatter
On-Demand Research Services
Dashboard mockup
Global Threat Intelligence Feed

Protect and proceed with Actionable Intelligence

The Global Cyber Threat Intelligence Feed is an innovative platform that gathers information from various sources to help businesses and organizations stay ahead of potential cyber-attacks. This feed provides real-time updates on cyber threats, including malware, phishing scams, and other forms of cybercrime.
Trusted by 400+ Top organisations