Hacker group Anonymous Sudan demands $3 million from Scandinavian Airlines

The hacker group "Anonymous Sudan" has made an unexpected demand of $3 million from Scandinavian Airlines (SAS) in order to halt distributed denial-of-service attacks (DDoS) that have been targeting the airline's websites since February.

Despite initially presenting themselves as politically-motivated hacktivists, the group appears to be resorting to using extortion tactics for financial gain.

On Monday, Anonymous Sudan shared a ransom note on its Telegram channel claiming that SAS and its services have been paralyzed for more than five days. They warned that unless the company takes action, it risks further upsetting its already frustrated customers.

The company's website is up and running at the time of publication.

The company has responded to user complaints on Facebook, acknowledging an issue with its website and assuring customers that SAS is "working to resolve it quickly." SAS did not respond to The Record’s inquiries.

Meanwhile, Anonymous Sudan continues to escalate their demands, raising their initial price from $3,500 to a staggering $3 million.

“We will keep punishing you and your company non-stop as we have been doing for the past 120 hours,” hackers wrote on Telegram. “It will end badly for you and we won't be harmed.”

Anonymous Sudan first began targeting SAS in February, knocking its website offline and exposing some user data. Some customers who attempted to log in to the SAS mobile app were sent to others’ accounts and had access to their contact information and itineraries.

The group blamed the burning of a Quran during demonstrations in January protests in Stockholm for motivating the attacks.

Anonymous Sudan followed up the incident with cyberattacks on Sweden’s national public television broadcaster, German airports, Danish hospitals, as well as Israeli banks, news websites, and, most recently, a missile warning system.

Anonymous Sudan is not an authentic part of the Anonymous hacktivist movement but “most likely created as part of a Russian information operation to harm and complicate Sweden's NATO application,” according to a report published by Swedish cybersecurity company Truesec.

Truesec noted the Anonymous Sudan account on Telegram has its user location listed as Russia, and most of its targets are nations that support Ukraine in its fight against Russia. Other research from the Chicago-based company Trustwave found that there are indications that Anonymous Sudan is a sub-group of the Pro-Russian state-sponsored hacker group Killnet. Anonymous Sudan has openly associated itself with this group.

Trustwave also found some evidence that Anonymous Sudan is financially motivated, as it attempted to sell data stolen from French flag carrier Air France.

Although the group mainly carries out unsophisticated DDoS attacks, they can have serious consequences as they target critical facilities such as hospitals, airports, banks, and government institutions, the researchers said.