SAS airlines breached by pro-Russian hackers – again

For the second time this year, Scandinavian Airlines has been reportedly breached by the pro-Russian hacking group Anonymous Sudan, knocking the SAS website and its app offline for hours.

SAS customers began to complain on Twitter about not being able to get on the airline’s website around 6:30 am ET Wednesday morning.

"Hello, yes we have technical issues with the website today, it is reported and being investigated. Please try again later, we are working on resolving the issue as soon as possible," SAS responded to most followers.

Around the same time, the Anonymous Sudan hacktivist gang pinned this message to the top of their encrypted their Telegram channel.

“We were bored and we missed Sweden and we missed Scandinavian Airlines so we dropped the SAS app and website,” the post read.

The group then apparently tried to blackmail the Swedish based airlines with a $3500 ransom to stop the attack.

“Let us play a beautiful game with you, SAS company. You previously tried to repel the attack and were unable, and this is the second strike that we proved to you that we can,” the group posted around 10:30 am ET.

“What do you think we tell you how to repel the attack for $3,500? Or blackmail you and take $3,500 to stop the attack?,” it said.

The group told SAS that it had an hour to negotiate with their Anonymous Sudan bot on Telegram, or they would continue the barrage attacks throughout the day, as well as leaking “something you will not like.”

Unfortunately, during the attack, SAS tweeted to customers that the official Danish version of the airline’s website was still operating, providing another website address for Anonymous Sudan to knock offline.

“Ironically, thank you for giving us your other site for us to f@#$ also, keep going 🤣,” Anonymous Sudan posted soon after.

According to the SAS corporate website, the flagship airline carrier for Denmark, Norway, and Sweden typically boasts more than 800 scheduled flights per day to over 130 destinations worldwide.

In February, Anonymous Sudan successfully claimed the airlines as part of a pre-planned Valentine’s Day attack against Sweden, knocking the SAS website offline for hours and compromising sensitive passenger data.

The Valentine’s Day attacks also included several Swedish media outlets.

The group claimed to have attacked the Swedish companies as retaliation for the burning of a Quran by a well-known Swede/Dane activist during a January protest in Stockholm to support Sweden’s bid to join NATO.

Cybernews can confirm that both SAS sites and the app had been offline at various times throughout Wednesday, and were still offline by late afternoon.

Anonymous Sudan is here to stay

The Sudan-based hacktivist group first came on the scene this January and, besides raising awareness for the plight of the Sudanese people, seems to target its victims for mostly religious reasons.

Anonymous Sudan is known to work closely with other Russian-affiliated gangs, such as KillNet and a relatively new group of hackers known as UserSec.

All three gangs commonly target their victims using Distributed Denial-of-Service (DDoS) attacks, which typically flood a website’s servers with traffic requests causing the network to overload and shut down.

Besides the attacks in Sweden, the gang recently joined a KillNet campaign to target NATO and EU member nations.

Last month, Anonymous Sudan launched its own ongoing campaign against Israel’s critical infrastructure.

Over forty organizations in the Jewish nation were hit with cyberattacks in just one day, including the personal website of Israeli Prime Minister Benjamin Netanyahu and Israel’s infamous covert spy agency Mossad.

Cybernews will follow the story.