{ "id": "57f3212f-7a99-46c6-b348-9764e2b578f9", "created_at": "2026-04-06T00:14:02.624816Z", "updated_at": "2026-04-10T03:25:39.848667Z", "deleted_at": null, "sha1_hash": "2990cd99558e1a5e3e165eec606bb4129705203b", "title": "Scandinavian Airlines hit by cyberattack, ‘Anonymous Sudan’ claims responsibility", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 79791, "plain_text": "Scandinavian Airlines hit by cyberattack, ‘Anonymous Sudan’\r\nclaims responsibility\r\nBy Daryna Antoniuk\r\nPublished: 2023-03-28 · Archived: 2026-04-05 12:46:39 UTC\r\nA cyberattack on Scandinavian Airlines (SAS) knocked its website offline and exposed some customer data on\r\nTuesday. Customers who attempted to log into the SAS mobile app were sent to someone else’s account and had\r\naccess to their contact information and itineraries, among other things.\r\nSAS said in a statement that there was “no risk that this information could be exploited” and that passport details\r\nwere not part of the compromised information, according to a company statement. SAS is the flagship carrier for\r\nDenmark, Norway and Sweden and did not respond to The Record’s request for more information about how\r\nmany customers were affected by the breach.\r\nIt was a tough Valentine’s Tuesday for Sweden more generally. A cyberattack took its national public television\r\nbroadcaster, SVT, offline temporarily and a number of its companies, universities and telecom operators were also\r\non the receiving end of cyberattacks.\r\nA group calling themselves “Anonymous Sudan” took responsibility for both attacks, and SVT said in a statement\r\nposted on its website that the group blamed the burning of a Quran during demonstrations in January protests in\r\nStockholm for motivating the attacks. A statement by people claiming to be part of Anonymous Sudan posted a\r\nstatement on Telegram saying as much.\r\n“We will continue the attacks in a large and violent manner, if an official apology is not issued by the Swedish\r\ngovernment regarding the burning of the Quran,” the group said.\r\nMeanwhile, pro-Russian hackers from the UserSec group said on Telegram they were helping Anonymous Sudan\r\nattack Sweden’s airports.\r\nEarlier on Tuesday, hackers from a group called Al-Toufan claimed responsibility for taking down  websites for\r\nBahrain’s international airport, its state news agency, and a chamber of commerce. They said it was to mark the\r\n12-year anniversary of the country’s Arab Spring uprisings.\r\nThe Bahrain airport website was unavailable for at least a half an hour on Tuesday. As of Wednesday, the group\r\nappears to be continuing its attacks on other companies and organizations in Bahrain.\r\nOver the past few months, airlines around the world have increasingly suffered from cyberattacks and technical\r\nissues. Lufthansa was forced to cancel or divert flights to Germany’s busiest airport in Frankfurt on Wednesday\r\ndue to an IT failure that left thousands of passengers stranded.\r\nIn January, a technical glitch crippled thousands of flights across the United States. A preliminary investigation\r\nhas traced the issue to a damaged database file, with no evidence that hackers were behind it, though U.S. officials\r\nhttps://therecord.media/scandinavian-airlines-cyberattack-anonymous-sudan/\r\nPage 1 of 3\n\ncautioned that much of the country’s aviation industry uses outdated systems, making them easy targets for\r\ncriminal and nation-state hackers who want to wreck havoc.\r\nThe White House organized meetings with aviation industry leaders aimed at seeing if there are ways to beef up\r\ncybersecurity alongside that of other key sectors of the American economy. In the meantime, U.S. officials want to\r\nrequire that all cybersecurity incidents experienced by aviation firms are reported to the Cybersecurity and\r\nInfrastructure Security Agency (CISA) within 24 hours.\r\nNo previous article\r\nNo new articles\r\nDaryna Antoniuk\r\nis a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in\r\nEastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for\r\nForbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.\r\nhttps://therecord.media/scandinavian-airlines-cyberattack-anonymous-sudan/\r\nPage 2 of 3\n\nSource: https://therecord.media/scandinavian-airlines-cyberattack-anonymous-sudan/\r\nhttps://therecord.media/scandinavian-airlines-cyberattack-anonymous-sudan/\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "MISPGALAXY", "Malpedia" ], "references": [ "https://therecord.media/scandinavian-airlines-cyberattack-anonymous-sudan/" ], "report_names": [ "scandinavian-airlines-cyberattack-anonymous-sudan" ], "threat_actors": [ { "id": "e53fc09e-24cc-40d4-b38d-7e2d6dbe81d8", "created_at": "2023-03-17T02:01:50.851615Z", "updated_at": "2026-04-10T02:00:03.362605Z", "deleted_at": null, "main_name": "Anonymous Sudan", "aliases": [], "source_name": "MISPGALAXY:Anonymous Sudan", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "a3917c91-ec7d-485f-8784-bfb1b1a78359", "created_at": "2023-11-08T02:00:07.13872Z", "updated_at": "2026-04-10T02:00:03.424164Z", "deleted_at": null, "main_name": "UserSec", "aliases": [], "source_name": "MISPGALAXY:UserSec", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434442, "ts_updated_at": 1775791539, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/2990cd99558e1a5e3e165eec606bb4129705203b.pdf", "text": "https://archive.orkl.eu/2990cd99558e1a5e3e165eec606bb4129705203b.txt", "img": "https://archive.orkl.eu/2990cd99558e1a5e3e165eec606bb4129705203b.jpg" } }