CTI Weekly: Important Updates - Anonymous Sudan Claims Microsoft Data Theft, MOVEit Data Theft Campaign, ALPHV Malware Distribution, Port of Nagoya Ransomware Attack, DDoS Alerts, Google Analytics Risks

Key Issue:

Anonymous Sudan claims to have stolen Microsoft customer data during recent disruptive operations.

Anonymous Sudan, a pro-Russian hacktivist group, claimed to have stolen 30 million customer accounts from Microsoft. In June 2023, Microsoft customers experienced difficulties accessing OneDrive due to a Distributed Denial-of-Service (DDoS) attack carried out by Anonymous Sudan.

Microsoft confirmed the group’s involvement and revealed that layer 7 DDoS attacks were responsible for the disruption. On July 2, Anonymous Sudan announced that they had breached Microsoft’s servers during the incident and allegedly obtained credentials for over 30 million customer accounts.

Anonymous Sudan posted a listing on their Telegram channel, offering a “large database” containing the alleged Microsoft accounts, emails, and passwords for sale at USD 50,000.

They included a sample of 100 credential pairs as proof. Microsoft, however, denied the group’s claim of a data breach, stating that there is no evidence of customer data being accessed or compromised.

The low asking price for the credentials raises doubts about the authenticity of Anonymous Sudan’s claims. It is likely that the group is trying to monetize their recent successful DDoS attacks. Although Anonymous Sudan has previously conducted successful data breach operations, their primary focus has been on DDoS attacks and disruptive activities.

While Anonymous Sudan may be exaggerating the impact of their actions against Microsoft in this case, their collaboration with other groups like KillNet and Sodinokibi indicates a potential shift in their activities.

These partnerships could lead to the development of enhanced capabilities in the future as the group collaborates with more sophisticated non-hacktivist groups, particularly in targeting the Western financial system.

Other news:

MOVEit Data Theft Campaign

The Clop ransomware gang continues to list companies compromised during the MOVEit data theft campaign to their leak site. The total number of companies listed on their website stands at 107 as of 6 July 2023.

Cybercriminal

ALPHV has been observed distributing malware disguised as a legitimate WinSCP downloader in a recent malvertising campaign. ALPHV operators also used a new tool labelled SpyBoy to disable antivirus mechanisms.

A Taiwanese Semiconductor Manufacturing Company has suffered a data breach following the LockBit ransomware compromise of one of its third-party IT vendors, Kinmax Technology.

Japan’s largest port, the Port of Nagoya, has been forced to halt operations after a ransomware compromise. This incident is expected to cause mass financial and operational disruption as the port accounts for roughly 10% of Japan’s trade volume.

Law Enforcement Activity

The US Cybersecurity and Infrastructure Security Agency has released an alert warning of DDoS attacks targeting entities across multiple sectors. This alert comes after recent reports of DDoS attacks compromising the websites of multiple US government entities.

The Swedish Authority for Privacy Protection has warned companies against using Google Analytics due to risks posed by US government surveillance.